################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2025-03-27 16:12:07 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.190.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492855/; classtype:trojan-activity;sid:84355955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492854/; classtype:trojan-activity;sid:84355954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492853/; classtype:trojan-activity;sid:84355953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.52.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492852/; classtype:trojan-activity;sid:84355952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.113.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492850/; classtype:trojan-activity;sid:84355950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492849)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.17.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492849/; classtype:trojan-activity;sid:84355949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.81.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492848/; classtype:trojan-activity;sid:84355948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492847/; classtype:trojan-activity;sid:84355947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492845/; classtype:trojan-activity;sid:84355945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492844)"; flow:established,from_client; content:"GET"; http_method; content:"/netdch3eck.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cm8qfp4wb000208ic0hpxgols.info"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492844/; classtype:trojan-activity;sid:84355944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492843)"; flow:established,from_client; content:"GET"; http_method; content:"//godlybinsniggayoucantcrackthesebitch11111222268.sh"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492843/; classtype:trojan-activity;sid:84355943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.58.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492840/; classtype:trojan-activity;sid:84355940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.43.45.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492838/; classtype:trojan-activity;sid:84355938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.173.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492839/; classtype:trojan-activity;sid:84355939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.88.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492837/; classtype:trojan-activity;sid:84355937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.58.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492836/; classtype:trojan-activity;sid:84355936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.52.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492835/; classtype:trojan-activity;sid:84355935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492834/; classtype:trojan-activity;sid:84355934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492833/; classtype:trojan-activity;sid:84355933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492832/; classtype:trojan-activity;sid:84355932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492831/; classtype:trojan-activity;sid:84355931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.151.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492830/; classtype:trojan-activity;sid:84355930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.181.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492828/; classtype:trojan-activity;sid:84355928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.60.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492822/; classtype:trojan-activity;sid:84355922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.108.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492819/; classtype:trojan-activity;sid:84355919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.22.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492817/; classtype:trojan-activity;sid:84355917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492814/; classtype:trojan-activity;sid:84355914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492813/; classtype:trojan-activity;sid:84355913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.179.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492811/; classtype:trojan-activity;sid:84355911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492809/; classtype:trojan-activity;sid:84355909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.151.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492808/; classtype:trojan-activity;sid:84355908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492807/; classtype:trojan-activity;sid:84355907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.16.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492806/; classtype:trojan-activity;sid:84355906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492805/; classtype:trojan-activity;sid:84355905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492804/; classtype:trojan-activity;sid:84355904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.164.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492802/; classtype:trojan-activity;sid:84355902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.189.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492800/; classtype:trojan-activity;sid:84355900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492797/; classtype:trojan-activity;sid:84355897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.7.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492796/; classtype:trojan-activity;sid:84355896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.134.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492794/; classtype:trojan-activity;sid:84355894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492792/; classtype:trojan-activity;sid:84355892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492790/; classtype:trojan-activity;sid:84355890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492788/; classtype:trojan-activity;sid:84355888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.189.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492787/; classtype:trojan-activity;sid:84355887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.42.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492785/; classtype:trojan-activity;sid:84355885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.134.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492784/; classtype:trojan-activity;sid:84355884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.7.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492783/; classtype:trojan-activity;sid:84355883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.93.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492782/; classtype:trojan-activity;sid:84355882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492781/; classtype:trojan-activity;sid:84355881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.82.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492780/; classtype:trojan-activity;sid:84355880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492779/; classtype:trojan-activity;sid:84355879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.119.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492778/; classtype:trojan-activity;sid:84355878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492777/; classtype:trojan-activity;sid:84355877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.42.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492776/; classtype:trojan-activity;sid:84355876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.138.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492775/; classtype:trojan-activity;sid:84355875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.147.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492774/; classtype:trojan-activity;sid:84355874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.82.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492772/; classtype:trojan-activity;sid:84355872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492771/; classtype:trojan-activity;sid:84355871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492769/; classtype:trojan-activity;sid:84355869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.138.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492768/; classtype:trojan-activity;sid:84355868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492767/; classtype:trojan-activity;sid:84355867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.119.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492766/; classtype:trojan-activity;sid:84355866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.226.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492765/; classtype:trojan-activity;sid:84355865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.98.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492763/; classtype:trojan-activity;sid:84355863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.9.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492762/; classtype:trojan-activity;sid:84355862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.80.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492761/; classtype:trojan-activity;sid:84355861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.147.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492760/; classtype:trojan-activity;sid:84355860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.1.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492757/; classtype:trojan-activity;sid:84355857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.227.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492758/; classtype:trojan-activity;sid:84355858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.80.164.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492756/; classtype:trojan-activity;sid:84355856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.132.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492755/; classtype:trojan-activity;sid:84355855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.226.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492754/; classtype:trojan-activity;sid:84355854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492753/; classtype:trojan-activity;sid:84355853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492752/; classtype:trojan-activity;sid:84355852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.88.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492751/; classtype:trojan-activity;sid:84355851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492750/; classtype:trojan-activity;sid:84355850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.250.6.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492749/; classtype:trojan-activity;sid:84355849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ohsitsvegawellrip.sh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492745/; classtype:trojan-activity;sid:84355845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492746/; classtype:trojan-activity;sid:84355846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492747/; classtype:trojan-activity;sid:84355847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492748/; classtype:trojan-activity;sid:84355848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.227.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492731/; classtype:trojan-activity;sid:84355831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492732/; classtype:trojan-activity;sid:84355832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492733)"; flow:established,from_client; content:"GET"; http_method; content:"/k03ldc.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492733/; classtype:trojan-activity;sid:84355833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492734/; classtype:trojan-activity;sid:84355834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.i486"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492735/; classtype:trojan-activity;sid:84355835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492736/; classtype:trojan-activity;sid:84355836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492737/; classtype:trojan-activity;sid:84355837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492738)"; flow:established,from_client; content:"GET"; http_method; content:"/k03ldc.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492738/; classtype:trojan-activity;sid:84355838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492739/; classtype:trojan-activity;sid:84355839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492740/; classtype:trojan-activity;sid:84355840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492741/; classtype:trojan-activity;sid:84355841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492742/; classtype:trojan-activity;sid:84355842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492743/; classtype:trojan-activity;sid:84355843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/k03ldc.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492744/; classtype:trojan-activity;sid:84355844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.159.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492720/; classtype:trojan-activity;sid:84355820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.121.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492714/; classtype:trojan-activity;sid:84355814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492713/; classtype:trojan-activity;sid:84355813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.179.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492703/; classtype:trojan-activity;sid:84355803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492702/; classtype:trojan-activity;sid:84355802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.131.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492701/; classtype:trojan-activity;sid:84355801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.56.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492700/; classtype:trojan-activity;sid:84355800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492699/; classtype:trojan-activity;sid:84355799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.6.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492698/; classtype:trojan-activity;sid:84355798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.255.192.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492696/; classtype:trojan-activity;sid:84355796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.72.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492694/; classtype:trojan-activity;sid:84355794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492693/; classtype:trojan-activity;sid:84355793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492692/; classtype:trojan-activity;sid:84355792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.159.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492687/; classtype:trojan-activity;sid:84355787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492684/; classtype:trojan-activity;sid:84355784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.183.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492682/; classtype:trojan-activity;sid:84355782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492680/; classtype:trojan-activity;sid:84355780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.120.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492676/; classtype:trojan-activity;sid:84355776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.159.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492675/; classtype:trojan-activity;sid:84355775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492674/; classtype:trojan-activity;sid:84355774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.182.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492672/; classtype:trojan-activity;sid:84355772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.120.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492667/; classtype:trojan-activity;sid:84355767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.32.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492666/; classtype:trojan-activity;sid:84355766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492665/; classtype:trojan-activity;sid:84355765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.38.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492663/; classtype:trojan-activity;sid:84355763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492660/; classtype:trojan-activity;sid:84355760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.104.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492659/; classtype:trojan-activity;sid:84355759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.166.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492656/; classtype:trojan-activity;sid:84355756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.28.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492654/; classtype:trojan-activity;sid:84355754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.38.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492653/; classtype:trojan-activity;sid:84355753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492652/; classtype:trojan-activity;sid:84355752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.32.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492650/; classtype:trojan-activity;sid:84355750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492649/; classtype:trojan-activity;sid:84355749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492643/; classtype:trojan-activity;sid:84355743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.74.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492642/; classtype:trojan-activity;sid:84355742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492639/; classtype:trojan-activity;sid:84355739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.74.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492638/; classtype:trojan-activity;sid:84355738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.156.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492636/; classtype:trojan-activity;sid:84355736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.166.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492637/; classtype:trojan-activity;sid:84355737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.160.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492635/; classtype:trojan-activity;sid:84355735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492634/; classtype:trojan-activity;sid:84355734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.217.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492633/; classtype:trojan-activity;sid:84355733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.254.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492632/; classtype:trojan-activity;sid:84355732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.211.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492631/; classtype:trojan-activity;sid:84355731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492629/; classtype:trojan-activity;sid:84355729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492626/; classtype:trojan-activity;sid:84355726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.156.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492625/; classtype:trojan-activity;sid:84355725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492619)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/wild-storage/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492619/; classtype:trojan-activity;sid:84355719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492620)"; flow:established,from_client; content:"GET"; http_method; content:"/jo-dll/hb4/releases/download/v2.0/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492620/; classtype:trojan-activity;sid:84355720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492621)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492621/; classtype:trojan-activity;sid:84355721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492618)"; flow:established,from_client; content:"GET"; http_method; content:"/bbget00/wikitok/releases/download/v1.0/app.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492618/; classtype:trojan-activity;sid:84355718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492609)"; flow:established,from_client; content:"GET"; http_method; content:"/rake4367/hackernews-cn/releases/download/2.0.3/hackernews-cn-2.0.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492609/; classtype:trojan-activity;sid:84355709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492616/; classtype:trojan-activity;sid:84355716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.217.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492607/; classtype:trojan-activity;sid:84355707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492601)"; flow:established,from_client; content:"GET"; http_method; content:"/stayns/glpwnme/releases/download/3.1.1/glpwnme-3.1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492601/; classtype:trojan-activity;sid:84355701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492602)"; flow:established,from_client; content:"GET"; http_method; content:"/catexec/signature-recognition-cnn/releases/download/v1.6.8/signature-recognition-cnn-v1.6.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492602/; classtype:trojan-activity;sid:84355702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492604)"; flow:established,from_client; content:"GET"; http_method; content:"/tombalestra/m3-spatial/releases/download/v3.3.4/m3-spatial-v3.3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492604/; classtype:trojan-activity;sid:84355704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.20.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492598/; classtype:trojan-activity;sid:84355698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492599/; classtype:trojan-activity;sid:84355699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.60.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492596/; classtype:trojan-activity;sid:84355696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492593)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/arm|3f|"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492593/; classtype:trojan-activity;sid:84355693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.171.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492592/; classtype:trojan-activity;sid:84355692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492591)"; flow:established,from_client; content:"GET"; http_method; content:"/sudip1801/loyalty/releases/download/v3.4.4-alpha.1/loyalty_v3.4.4-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492591/; classtype:trojan-activity;sid:84355691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492586)"; flow:established,from_client; content:"GET"; http_method; content:"/bosstrung/fedora/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492586/; classtype:trojan-activity;sid:84355686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492580)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492580/; classtype:trojan-activity;sid:84355680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492582)"; flow:established,from_client; content:"GET"; http_method; content:"/hzufu/cosmicstar/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492582/; classtype:trojan-activity;sid:84355682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492583)"; flow:established,from_client; content:"GET"; http_method; content:"/lwnie/nitrodreams-2024/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492583/; classtype:trojan-activity;sid:84355683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492584)"; flow:established,from_client; content:"GET"; http_method; content:"/jppb1216/hit-swap-fix/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492584/; classtype:trojan-activity;sid:84355684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492585)"; flow:established,from_client; content:"GET"; http_method; content:"/lwnie/nitrodreams-2024/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492585/; classtype:trojan-activity;sid:84355685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492578)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492578/; classtype:trojan-activity;sid:84355678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492579)"; flow:established,from_client; content:"GET"; http_method; content:"/artinplay123/seed-checker-by-creqtor/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492579/; classtype:trojan-activity;sid:84355679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492575)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492575/; classtype:trojan-activity;sid:84355675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492576)"; flow:established,from_client; content:"GET"; http_method; content:"/taham56/bliss_browser_golo/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492576/; classtype:trojan-activity;sid:84355676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492577)"; flow:established,from_client; content:"GET"; http_method; content:"/antifreezsa/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492577/; classtype:trojan-activity;sid:84355677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.30.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492574/; classtype:trojan-activity;sid:84355674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492572)"; flow:established,from_client; content:"GET"; http_method; content:"/alex12185656556565556/nuxt3-start-template/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492572/; classtype:trojan-activity;sid:84355672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492573)"; flow:established,from_client; content:"GET"; http_method; content:"/alex12185656556565556/nuxt3-start-template/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492573/; classtype:trojan-activity;sid:84355673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.180.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492569/; classtype:trojan-activity;sid:84355669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.171.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492561/; classtype:trojan-activity;sid:84355661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.60.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492560/; classtype:trojan-activity;sid:84355660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492559)"; flow:established,from_client; content:"GET"; http_method; content:"/puckmedal/instamassunliker/releases/download/3.4.3-beta.3/instamassunliker-3.4.3-beta.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492559/; classtype:trojan-activity;sid:84355659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.59.217.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492558/; classtype:trojan-activity;sid:84355658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492557)"; flow:established,from_client; content:"GET"; http_method; content:"/suvam-01/alayalite/releases/download/v1.4.8/alayalite_v1.4.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492557/; classtype:trojan-activity;sid:84355657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492555)"; flow:established,from_client; content:"GET"; http_method; content:"/aplasta/evolunoob/releases/download/v3.5.6/evolunoob_v3.5.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492555/; classtype:trojan-activity;sid:84355655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492553)"; flow:established,from_client; content:"GET"; http_method; content:"/ricardocrc735/navicatpwn/releases/download/3.2.3/navicatpwn-3.2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492553/; classtype:trojan-activity;sid:84355653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492551)"; flow:established,from_client; content:"GET"; http_method; content:"/gayathriemblock/faze-hwid-spoofer-undetected/releases/download/3.7.3/faze-hwid-spoofer-undetected-3-7-3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492551/; classtype:trojan-activity;sid:84355651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.81.3.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492550/; classtype:trojan-activity;sid:84355650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.243.229.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492548/; classtype:trojan-activity;sid:84355648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.213.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492545/; classtype:trojan-activity;sid:84355645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.81.3.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492542/; classtype:trojan-activity;sid:84355642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492541/; classtype:trojan-activity;sid:84355641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.168.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492539/; classtype:trojan-activity;sid:84355639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.251.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492536/; classtype:trojan-activity;sid:84355636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492535/; classtype:trojan-activity;sid:84355635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492533/; classtype:trojan-activity;sid:84355633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492531/; classtype:trojan-activity;sid:84355631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.180.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492530/; classtype:trojan-activity;sid:84355630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.251.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492527/; classtype:trojan-activity;sid:84355627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.168.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492526/; classtype:trojan-activity;sid:84355626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.23.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492521/; classtype:trojan-activity;sid:84355621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.180.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492519/; classtype:trojan-activity;sid:84355619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.40.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492516/; classtype:trojan-activity;sid:84355616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.120.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492514/; classtype:trojan-activity;sid:84355614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.89.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492510/; classtype:trojan-activity;sid:84355610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492505/; classtype:trojan-activity;sid:84355605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.222.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492502/; classtype:trojan-activity;sid:84355602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.12.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492503/; classtype:trojan-activity;sid:84355603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.2.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492496/; classtype:trojan-activity;sid:84355596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.222.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492494/; classtype:trojan-activity;sid:84355594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.237.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492493/; classtype:trojan-activity;sid:84355593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492492/; classtype:trojan-activity;sid:84355592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.12.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492490/; classtype:trojan-activity;sid:84355590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.89.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492488/; classtype:trojan-activity;sid:84355588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"news.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492483/; classtype:trojan-activity;sid:84355583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"assets.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492485/; classtype:trojan-activity;sid:84355585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"secure.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492480/; classtype:trojan-activity;sid:84355580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492468/; classtype:trojan-activity;sid:84355568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492458)"; flow:established,from_client; content:"GET"; http_method; content:"/download/ssh.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.126.82.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492458/; classtype:trojan-activity;sid:84355558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492459)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.126.82.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492459/; classtype:trojan-activity;sid:84355559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"make-dd.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492456/; classtype:trojan-activity;sid:84355556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pac.innocreed.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492447/; classtype:trojan-activity;sid:84355547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"apolog.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492448/; classtype:trojan-activity;sid:84355548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"sic.innocreed.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492449/; classtype:trojan-activity;sid:84355549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"rsec.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492450/; classtype:trojan-activity;sid:84355550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cloudcontrol.innocreed.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492451/; classtype:trojan-activity;sid:84355551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"modocs.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492452/; classtype:trojan-activity;sid:84355552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vcloud.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492453/; classtype:trojan-activity;sid:84355553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"dev-ns.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492436/; classtype:trojan-activity;sid:84355536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"sec-ans.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492437/; classtype:trojan-activity;sid:84355537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"noirdim.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492438/; classtype:trojan-activity;sid:84355538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"services.innocreed.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492439/; classtype:trojan-activity;sid:84355539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"sec-nv.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492441/; classtype:trojan-activity;sid:84355541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"hunter.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492442/; classtype:trojan-activity;sid:84355542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"kemoni.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492443/; classtype:trojan-activity;sid:84355543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"anse.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492444/; classtype:trojan-activity;sid:84355544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"doc-ads.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492445/; classtype:trojan-activity;sid:84355545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"baasmm.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492446/; classtype:trojan-activity;sid:84355546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"isec.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492429/; classtype:trojan-activity;sid:84355529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"g-sec.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492430/; classtype:trojan-activity;sid:84355530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"rvsec.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492431/; classtype:trojan-activity;sid:84355531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"hn-sec.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492433/; classtype:trojan-activity;sid:84355533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fn-dev.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492434/; classtype:trojan-activity;sid:84355534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"doxs.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492413/; classtype:trojan-activity;sid:84355513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"msec.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492414/; classtype:trojan-activity;sid:84355514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wizzord.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492415/; classtype:trojan-activity;sid:84355515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"expiredpanel-1.innocreed.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492416/; classtype:trojan-activity;sid:84355516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"osfix.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492418/; classtype:trojan-activity;sid:84355518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mrach.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492420/; classtype:trojan-activity;sid:84355520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fsec.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492422/; classtype:trojan-activity;sid:84355522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"tm-supp.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492423/; classtype:trojan-activity;sid:84355523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"csec.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492391/; classtype:trojan-activity;sid:84355491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"help.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492392/; classtype:trojan-activity;sid:84355492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"soc.innocreed.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492393/; classtype:trojan-activity;sid:84355493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jtsec.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492394/; classtype:trojan-activity;sid:84355494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"rev.innocreed.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492395/; classtype:trojan-activity;sid:84355495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nj-sec.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492396/; classtype:trojan-activity;sid:84355496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nc-sec.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492397/; classtype:trojan-activity;sid:84355497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"itsec.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492399/; classtype:trojan-activity;sid:84355499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"dcontrol.innocreed.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492400/; classtype:trojan-activity;sid:84355500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"zliong.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492401/; classtype:trojan-activity;sid:84355501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vtsec.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492402/; classtype:trojan-activity;sid:84355502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"support.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492403/; classtype:trojan-activity;sid:84355503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"right.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492405/; classtype:trojan-activity;sid:84355505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"kimkom.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492407/; classtype:trojan-activity;sid:84355507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jrdevil.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492409/; classtype:trojan-activity;sid:84355509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pv-sq.innocreed.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492410/; classtype:trojan-activity;sid:84355510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"hr-manger.innocreed.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492411/; classtype:trojan-activity;sid:84355511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"skully.innocreed.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492412/; classtype:trojan-activity;sid:84355512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"zen-doc.innocreed.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492383/; classtype:trojan-activity;sid:84355483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wsec.innocreed.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492385/; classtype:trojan-activity;sid:84355485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www1.bwg-kundendaten.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492348/; classtype:trojan-activity;sid:84355448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.frsk6.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492362/; classtype:trojan-activity;sid:84355462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.mrdn2.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492347/; classtype:trojan-activity;sid:84355447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.188.13.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492339/; classtype:trojan-activity;sid:84355439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.237.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492338/; classtype:trojan-activity;sid:84355438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.239.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492328/; classtype:trojan-activity;sid:84355428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.180.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492327/; classtype:trojan-activity;sid:84355427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492323/; classtype:trojan-activity;sid:84355423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.255.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492321/; classtype:trojan-activity;sid:84355421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492318/; classtype:trojan-activity;sid:84355418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.160.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492316/; classtype:trojan-activity;sid:84355416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.129.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492315/; classtype:trojan-activity;sid:84355415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.249.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492306/; classtype:trojan-activity;sid:84355406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.249.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492301/; classtype:trojan-activity;sid:84355401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.231.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492294/; classtype:trojan-activity;sid:84355394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492293/; classtype:trojan-activity;sid:84355393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492291/; classtype:trojan-activity;sid:84355391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.114.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492285/; classtype:trojan-activity;sid:84355385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492283/; classtype:trojan-activity;sid:84355383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.245.3.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492281/; classtype:trojan-activity;sid:84355381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.48.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492279/; classtype:trojan-activity;sid:84355379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492274/; classtype:trojan-activity;sid:84355374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.15.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492271/; classtype:trojan-activity;sid:84355371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.129.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492270/; classtype:trojan-activity;sid:84355370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.115.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492269/; classtype:trojan-activity;sid:84355369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492267/; classtype:trojan-activity;sid:84355367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492264/; classtype:trojan-activity;sid:84355364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.245.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492263/; classtype:trojan-activity;sid:84355363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.98.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492262/; classtype:trojan-activity;sid:84355362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.96.109"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492261/; classtype:trojan-activity;sid:84355361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.245.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492256/; classtype:trojan-activity;sid:84355356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.150.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492257/; classtype:trojan-activity;sid:84355357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.96.109"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492254/; classtype:trojan-activity;sid:84355354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.15.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492255/; classtype:trojan-activity;sid:84355355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.136.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492251/; classtype:trojan-activity;sid:84355351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.83.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492250/; classtype:trojan-activity;sid:84355350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.98.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492247/; classtype:trojan-activity;sid:84355347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492244/; classtype:trojan-activity;sid:84355344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492238)"; flow:established,from_client; content:"GET"; http_method; content:"/darksoul67m2b8/1ad-thesims4d/releases/download/0uhwsn30k1/6xtetndm5xnggc.rar"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492238/; classtype:trojan-activity;sid:84355338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.168.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492231/; classtype:trojan-activity;sid:84355331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; content:"GET"; http_method; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492220/; classtype:trojan-activity;sid:84355320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.83.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492219/; classtype:trojan-activity;sid:84355319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.71.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492217/; classtype:trojan-activity;sid:84355317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.111.98.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492207/; classtype:trojan-activity;sid:84355307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.164.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492200/; classtype:trojan-activity;sid:84355300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492193)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492193/; classtype:trojan-activity;sid:84355293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492194)"; flow:established,from_client; content:"GET"; http_method; content:"/jaiaiaka/pancake-protectors-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492194/; classtype:trojan-activity;sid:84355294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492190)"; flow:established,from_client; content:"GET"; http_method; content:"/culeb12/sweet-bonanza-slot-hack-free-spin-hack/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492190/; classtype:trojan-activity;sid:84355290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492191)"; flow:established,from_client; content:"GET"; http_method; content:"/culeb12/sweet-bonanza-slot-hack-free-spin-hack/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492191/; classtype:trojan-activity;sid:84355291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492185)"; flow:established,from_client; content:"GET"; http_method; content:"/bubbies6lmmu/1ae-minecrafte/releases/download/i8w2ux9vxu/5nqizv.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492185/; classtype:trojan-activity;sid:84355285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.59.217.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492182/; classtype:trojan-activity;sid:84355282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492180/; classtype:trojan-activity;sid:84355280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.191.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492181/; classtype:trojan-activity;sid:84355281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.123.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492179/; classtype:trojan-activity;sid:84355279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.164.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492177/; classtype:trojan-activity;sid:84355277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.121.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492174/; classtype:trojan-activity;sid:84355274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.112.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492172/; classtype:trojan-activity;sid:84355272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.106.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492169/; classtype:trojan-activity;sid:84355269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492167)"; flow:established,from_client; content:"GET"; http_method; content:"/wijayalabs/miside-cheat/releases/download/v1.8.5/miside-cheat_v1.8.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492167/; classtype:trojan-activity;sid:84355267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.6.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492165/; classtype:trojan-activity;sid:84355265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.3.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492164/; classtype:trojan-activity;sid:84355264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.28.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492162/; classtype:trojan-activity;sid:84355262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.241.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492159/; classtype:trojan-activity;sid:84355259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.112.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492157/; classtype:trojan-activity;sid:84355257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.244.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492156/; classtype:trojan-activity;sid:84355256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.135.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492154/; classtype:trojan-activity;sid:84355254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.34.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492152/; classtype:trojan-activity;sid:84355252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492149)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492149/; classtype:trojan-activity;sid:84355249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492144)"; flow:established,from_client; content:"GET"; http_method; content:"/nickmelo12/free-fire-panel-pc/releases/download/v1.0/release_x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492144/; classtype:trojan-activity;sid:84355244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492145)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/cheat-escape-from-tarkov/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492145/; classtype:trojan-activity;sid:84355245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492147)"; flow:established,from_client; content:"GET"; http_method; content:"/formulassag/call-of-duty-modern-warfare-3-mw3-hack-cheat-aimbot-esp-unban-hwid-unlocks-gunlvl/releases/download/v1.0/software.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492147/; classtype:trojan-activity;sid:84355247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492148)"; flow:established,from_client; content:"GET"; http_method; content:"/clishine/blade-ball/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492148/; classtype:trojan-activity;sid:84355248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492141)"; flow:established,from_client; content:"GET"; http_method; content:"/formulassag/call-of-duty-modern-warfare-3-mw3-hack-cheat-aimbot-esp-unban-hwid-unlocks-gunlvl/releases/download/v2.0/software.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492141/; classtype:trojan-activity;sid:84355241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.135.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492138/; classtype:trojan-activity;sid:84355238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492137/; classtype:trojan-activity;sid:84355237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.34.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492133/; classtype:trojan-activity;sid:84355233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492131)"; flow:established,from_client; content:"GET"; http_method; content:"/coder9440/drop2/refs/heads/main/faktura_586507.pdf.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492131/; classtype:trojan-activity;sid:84355231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.244.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492129/; classtype:trojan-activity;sid:84355229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.3.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492127/; classtype:trojan-activity;sid:84355227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492123)"; flow:established,from_client; content:"GET"; http_method; content:"/mathists9/abaqus-aluminum-bending-ductile-damage-3d/releases/download/2.7.3/release.2.7.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492123/; classtype:trojan-activity;sid:84355223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.200.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492121/; classtype:trojan-activity;sid:84355221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492120)"; flow:established,from_client; content:"GET"; http_method; content:"/lauriiiiii/dawfraweda/raw/refs/heads/main/client-built-woprkingfr.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492120/; classtype:trojan-activity;sid:84355220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492114)"; flow:established,from_client; content:"GET"; http_method; content:"/henryhendysheer/eth-transaction-inspector/releases/download/v1.0/release_x64.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492114/; classtype:trojan-activity;sid:84355214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492116)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v1.0/release.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492116/; classtype:trojan-activity;sid:84355216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492117)"; flow:established,from_client; content:"GET"; http_method; content:"/averagecoderinohio/crop-disease-identification-model/releases/download/v2.0/software.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492117/; classtype:trojan-activity;sid:84355217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492118)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492118/; classtype:trojan-activity;sid:84355218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492119)"; flow:established,from_client; content:"GET"; http_method; content:"/henryhendysheer/eth-transaction-inspector/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492119/; classtype:trojan-activity;sid:84355219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492112)"; flow:established,from_client; content:"GET"; http_method; content:"/solarcrownyt/learning-sqlx/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492112/; classtype:trojan-activity;sid:84355212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492113)"; flow:established,from_client; content:"GET"; http_method; content:"/aki019aki/godotttttt/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492113/; classtype:trojan-activity;sid:84355213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492109)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/rah.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492109/; classtype:trojan-activity;sid:84355209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492108)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/consoleapplication4.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492108/; classtype:trojan-activity;sid:84355208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492107)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/realtek%20hd%20audio%20manager.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492107/; classtype:trojan-activity;sid:84355207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492104)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/undetected.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492104/; classtype:trojan-activity;sid:84355204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492105)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/cheese.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492105/; classtype:trojan-activity;sid:84355205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492103)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/crazy.bin"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492103/; classtype:trojan-activity;sid:84355203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492101)"; flow:established,from_client; content:"GET"; http_method; content:"/arvinnasution/files/raw/refs/heads/main/client-built10.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492101/; classtype:trojan-activity;sid:84355201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492099)"; flow:established,from_client; content:"GET"; http_method; content:"/shanabbasi916/about-miguel/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492099/; classtype:trojan-activity;sid:84355199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492100)"; flow:established,from_client; content:"GET"; http_method; content:"/arvinnasution/files/raw/refs/heads/main/client-built4.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492100/; classtype:trojan-activity;sid:84355200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492097)"; flow:established,from_client; content:"GET"; http_method; content:"/arvinnasution/files/raw/refs/heads/main/client-built8.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492097/; classtype:trojan-activity;sid:84355197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492096)"; flow:established,from_client; content:"GET"; http_method; content:"/arvinnasution/files/raw/refs/heads/main/client-built2.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492096/; classtype:trojan-activity;sid:84355196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492093)"; flow:established,from_client; content:"GET"; http_method; content:"/00094/string-remover/raw/refs/heads/main/final.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492093/; classtype:trojan-activity;sid:84355193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492094)"; flow:established,from_client; content:"GET"; http_method; content:"/pawela827-2/test/main/vsgraphicsresources.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492094/; classtype:trojan-activity;sid:84355194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492095)"; flow:established,from_client; content:"GET"; http_method; content:"/lauriiiiii/dawfraweda/raw/refs/heads/main/client-built.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492095/; classtype:trojan-activity;sid:84355195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492092)"; flow:established,from_client; content:"GET"; http_method; content:"/pawela827-2/test/main/vsgraphicsresources2.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492092/; classtype:trojan-activity;sid:84355192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.8.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492089/; classtype:trojan-activity;sid:84355189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492090)"; flow:established,from_client; content:"GET"; http_method; content:"/joshdied/files/refs/heads/main/xtuservice.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492090/; classtype:trojan-activity;sid:84355190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492091)"; flow:established,from_client; content:"GET"; http_method; content:"/joshdied/files/raw/refs/heads/main/xtuservice.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492091/; classtype:trojan-activity;sid:84355191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492088)"; flow:established,from_client; content:"GET"; http_method; content:"/lauriiiiii/dawfraweda/refs/heads/main/client-built.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492088/; classtype:trojan-activity;sid:84355188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492086)"; flow:established,from_client; content:"GET"; http_method; content:"/voslol/hack-crypto-wallet/releases/download/croupous/hack-crypto-wallet-croupous.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492086/; classtype:trojan-activity;sid:84355186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.97.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492084/; classtype:trojan-activity;sid:84355184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492083)"; flow:established,from_client; content:"GET"; http_method; content:"/mommynikiits/minecrafttlaucher/raw/refs/heads/master/minecraft.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492083/; classtype:trojan-activity;sid:84355183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492079)"; flow:established,from_client; content:"GET"; http_method; content:"/c66c0eade263c9a8/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492079/; classtype:trojan-activity;sid:84355179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492081)"; flow:established,from_client; content:"GET"; http_method; content:"/c66c0eade263c9a8/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492081/; classtype:trojan-activity;sid:84355181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492082)"; flow:established,from_client; content:"GET"; http_method; content:"/c66c0eade263c9a8/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492082/; classtype:trojan-activity;sid:84355182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492078)"; flow:established,from_client; content:"GET"; http_method; content:"/c66c0eade263c9a8/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492078/; classtype:trojan-activity;sid:84355178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492076)"; flow:established,from_client; content:"GET"; http_method; content:"/c66c0eade263c9a8/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492076/; classtype:trojan-activity;sid:84355176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492077)"; flow:established,from_client; content:"GET"; http_method; content:"/c66c0eade263c9a8/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492077/; classtype:trojan-activity;sid:84355177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492074)"; flow:established,from_client; content:"GET"; http_method; content:"/hakimil/hack-crypto-wallet/releases/download/v2.7.7-beta.4/hack-crypto-wallet-v2.7.7-beta.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492074/; classtype:trojan-activity;sid:84355174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492069/; classtype:trojan-activity;sid:84355169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492070/; classtype:trojan-activity;sid:84355170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492064/; classtype:trojan-activity;sid:84355164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492065/; classtype:trojan-activity;sid:84355165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492066/; classtype:trojan-activity;sid:84355166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492067/; classtype:trojan-activity;sid:84355167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492068/; classtype:trojan-activity;sid:84355168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492063/; classtype:trojan-activity;sid:84355163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.203.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492047/; classtype:trojan-activity;sid:84355147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.97.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492049/; classtype:trojan-activity;sid:84355149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492046/; classtype:trojan-activity;sid:84355146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.244.48.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492045/; classtype:trojan-activity;sid:84355145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492041)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492041/; classtype:trojan-activity;sid:84355141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492040)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492040/; classtype:trojan-activity;sid:84355140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492039)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492039/; classtype:trojan-activity;sid:84355139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492035)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492035/; classtype:trojan-activity;sid:84355135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492036)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492036/; classtype:trojan-activity;sid:84355136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492037)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492037/; classtype:trojan-activity;sid:84355137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492038)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492038/; classtype:trojan-activity;sid:84355138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492032)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492032/; classtype:trojan-activity;sid:84355132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492033)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492033/; classtype:trojan-activity;sid:84355133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492034)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492034/; classtype:trojan-activity;sid:84355134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492027)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492027/; classtype:trojan-activity;sid:84355127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492028)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492028/; classtype:trojan-activity;sid:84355128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492029)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492029/; classtype:trojan-activity;sid:84355129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492030)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492030/; classtype:trojan-activity;sid:84355130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492031)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492031/; classtype:trojan-activity;sid:84355131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492026)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492026/; classtype:trojan-activity;sid:84355126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492017)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492017/; classtype:trojan-activity;sid:84355117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492019)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492019/; classtype:trojan-activity;sid:84355119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492020)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492020/; classtype:trojan-activity;sid:84355120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492021)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492021/; classtype:trojan-activity;sid:84355121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492022)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492022/; classtype:trojan-activity;sid:84355122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492023)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492023/; classtype:trojan-activity;sid:84355123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492024)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492024/; classtype:trojan-activity;sid:84355124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492006)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492006/; classtype:trojan-activity;sid:84355106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492007)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492007/; classtype:trojan-activity;sid:84355107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492009)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492009/; classtype:trojan-activity;sid:84355109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492010)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492010/; classtype:trojan-activity;sid:84355110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492011)"; flow:established,from_client; content:"GET"; http_method; content:"/create.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492011/; classtype:trojan-activity;sid:84355111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492012)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492012/; classtype:trojan-activity;sid:84355112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492013)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492013/; classtype:trojan-activity;sid:84355113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492014)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492014/; classtype:trojan-activity;sid:84355114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492015)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492015/; classtype:trojan-activity;sid:84355115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492016)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492016/; classtype:trojan-activity;sid:84355116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492004)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492004/; classtype:trojan-activity;sid:84355104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491997/; classtype:trojan-activity;sid:84355097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491998)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491998/; classtype:trojan-activity;sid:84355098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491999)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491999/; classtype:trojan-activity;sid:84355099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492000)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492000/; classtype:trojan-activity;sid:84355100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492001)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492001/; classtype:trojan-activity;sid:84355101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492002)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492002/; classtype:trojan-activity;sid:84355102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491995)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491995/; classtype:trojan-activity;sid:84355095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491994)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491994/; classtype:trojan-activity;sid:84355094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491993)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491993/; classtype:trojan-activity;sid:84355093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491992)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491992/; classtype:trojan-activity;sid:84355092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.244.48.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491991/; classtype:trojan-activity;sid:84355091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491979)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.90.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491979/; classtype:trojan-activity;sid:84355079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491981)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.208.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491981/; classtype:trojan-activity;sid:84355081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491984)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.151.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491984/; classtype:trojan-activity;sid:84355084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491987)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.108.176.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491987/; classtype:trojan-activity;sid:84355087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491974)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.120.251.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491974/; classtype:trojan-activity;sid:84355074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491966)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.158.77.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491966/; classtype:trojan-activity;sid:84355066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491954)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.42.18.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491954/; classtype:trojan-activity;sid:84355054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491956)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.133.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491956/; classtype:trojan-activity;sid:84355056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491957)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.24.64.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491957/; classtype:trojan-activity;sid:84355057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491958)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.93.25.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491958/; classtype:trojan-activity;sid:84355058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491960)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.87.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491960/; classtype:trojan-activity;sid:84355060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491961)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.116.181.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491961/; classtype:trojan-activity;sid:84355061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491946)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.54.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491946/; classtype:trojan-activity;sid:84355046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491951)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.205.188.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491951/; classtype:trojan-activity;sid:84355051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.150.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491838/; classtype:trojan-activity;sid:84354938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.175.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491837/; classtype:trojan-activity;sid:84354937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.154.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491834/; classtype:trojan-activity;sid:84354934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.236.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491825/; classtype:trojan-activity;sid:84354925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.150.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3491824/; classtype:trojan-activity;sid:84354924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491820)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup0321_or.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cryptotoolkit.it.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491820/; classtype:trojan-activity;sid:84354920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491819)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup0321_or.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"92.118.112.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491819/; classtype:trojan-activity;sid:84354919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491818)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/manual.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cryptotoolkit.it.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491818/; classtype:trojan-activity;sid:84354918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491817)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/manual.pdf.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"92.118.112.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491817/; classtype:trojan-activity;sid:84354917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.78.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491816/; classtype:trojan-activity;sid:84354916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491815)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/902850349.ocx"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"70.34.216.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491815/; classtype:trojan-activity;sid:84354915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491814)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285025.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"70.34.216.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491814/; classtype:trojan-activity;sid:84354914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491813/; classtype:trojan-activity;sid:84354913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491812)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/2222.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tech-updates-24.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491812/; classtype:trojan-activity;sid:84354912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.16.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491811/; classtype:trojan-activity;sid:84354911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.182.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491810/; classtype:trojan-activity;sid:84354910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.154.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491809/; classtype:trojan-activity;sid:84354909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.7.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491808/; classtype:trojan-activity;sid:84354908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.247.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491806/; classtype:trojan-activity;sid:84354906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.9.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491807/; classtype:trojan-activity;sid:84354907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491805)"; flow:established,from_client; content:"GET"; http_method; content:"/api.php|3f|key=afd523686e3a9e318e6880898763e004"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"b0erwi.ssafileaccess.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491805/; classtype:trojan-activity;sid:84354905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.59.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491803/; classtype:trojan-activity;sid:84354903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.75.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491804/; classtype:trojan-activity;sid:84354904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491802/; classtype:trojan-activity;sid:84354902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.247.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491801/; classtype:trojan-activity;sid:84354901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491800)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491800/; classtype:trojan-activity;sid:84354900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.156.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491799/; classtype:trojan-activity;sid:84354899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491798)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491798/; classtype:trojan-activity;sid:84354898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.116.185.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491797/; classtype:trojan-activity;sid:84354897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.167.147.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491789/; classtype:trojan-activity;sid:84354889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491790/; classtype:trojan-activity;sid:84354890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491791/; classtype:trojan-activity;sid:84354891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.107.10.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491792/; classtype:trojan-activity;sid:84354892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.136.227.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491793/; classtype:trojan-activity;sid:84354893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.34.7.153"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491794/; classtype:trojan-activity;sid:84354894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491795/; classtype:trojan-activity;sid:84354895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491796/; classtype:trojan-activity;sid:84354896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.107.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491782/; classtype:trojan-activity;sid:84354882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.124.207.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491783/; classtype:trojan-activity;sid:84354883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.200.142.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491784/; classtype:trojan-activity;sid:84354884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.176.70.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491785/; classtype:trojan-activity;sid:84354885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.77.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491786/; classtype:trojan-activity;sid:84354886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.103.62.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491787/; classtype:trojan-activity;sid:84354887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.12.148.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491788/; classtype:trojan-activity;sid:84354888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491776)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491776/; classtype:trojan-activity;sid:84354876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491777)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491777/; classtype:trojan-activity;sid:84354877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491778)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491778/; classtype:trojan-activity;sid:84354878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491779)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491779/; classtype:trojan-activity;sid:84354879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491780)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491780/; classtype:trojan-activity;sid:84354880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.20.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491781/; classtype:trojan-activity;sid:84354881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491770)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491770/; classtype:trojan-activity;sid:84354870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.121.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491771/; classtype:trojan-activity;sid:84354871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491772)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491772/; classtype:trojan-activity;sid:84354872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491773)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491773/; classtype:trojan-activity;sid:84354873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491774)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491774/; classtype:trojan-activity;sid:84354874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491775)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491775/; classtype:trojan-activity;sid:84354875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491763)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491763/; classtype:trojan-activity;sid:84354863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491764)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491764/; classtype:trojan-activity;sid:84354864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491765)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491765/; classtype:trojan-activity;sid:84354865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491766)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491766/; classtype:trojan-activity;sid:84354866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.176.29.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491767/; classtype:trojan-activity;sid:84354867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491768)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491768/; classtype:trojan-activity;sid:84354868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491769)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491769/; classtype:trojan-activity;sid:84354869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.47.163.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491751/; classtype:trojan-activity;sid:84354851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.224.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491752/; classtype:trojan-activity;sid:84354852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.4.142.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491753/; classtype:trojan-activity;sid:84354853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.8.226.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491754/; classtype:trojan-activity;sid:84354854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.139.87.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491755/; classtype:trojan-activity;sid:84354855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491756)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491756/; classtype:trojan-activity;sid:84354856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491757)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491757/; classtype:trojan-activity;sid:84354857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491758)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491758/; classtype:trojan-activity;sid:84354858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.116.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491759/; classtype:trojan-activity;sid:84354859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491760)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491760/; classtype:trojan-activity;sid:84354860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.29.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491761/; classtype:trojan-activity;sid:84354861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491762)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491762/; classtype:trojan-activity;sid:84354862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.125.133.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491744/; classtype:trojan-activity;sid:84354844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.121.34.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491745/; classtype:trojan-activity;sid:84354845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491746/; classtype:trojan-activity;sid:84354846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491747/; classtype:trojan-activity;sid:84354847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491748)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491748/; classtype:trojan-activity;sid:84354848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491749/; classtype:trojan-activity;sid:84354849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.221.136.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491750/; classtype:trojan-activity;sid:84354850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491732)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491732/; classtype:trojan-activity;sid:84354832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491733)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491733/; classtype:trojan-activity;sid:84354833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491734)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491734/; classtype:trojan-activity;sid:84354834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491735)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491735/; classtype:trojan-activity;sid:84354835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.109.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491736/; classtype:trojan-activity;sid:84354836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491737)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491737/; classtype:trojan-activity;sid:84354837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.2.32.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491738/; classtype:trojan-activity;sid:84354838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491739)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491739/; classtype:trojan-activity;sid:84354839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491740)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491740/; classtype:trojan-activity;sid:84354840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.111.30.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491741/; classtype:trojan-activity;sid:84354841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.140.197.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491742/; classtype:trojan-activity;sid:84354842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.189.156.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491743/; classtype:trojan-activity;sid:84354843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491722)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491722/; classtype:trojan-activity;sid:84354822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491723)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491723/; classtype:trojan-activity;sid:84354823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491724)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491724/; classtype:trojan-activity;sid:84354824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491725)"; flow:established,from_client; content:"GET"; http_method; content:"/phi.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491725/; classtype:trojan-activity;sid:84354825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491726)"; flow:established,from_client; content:"GET"; http_method; content:"/fc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491726/; classtype:trojan-activity;sid:84354826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.7.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491727/; classtype:trojan-activity;sid:84354827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491728)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491728/; classtype:trojan-activity;sid:84354828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491729)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491729/; classtype:trojan-activity;sid:84354829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491730)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491730/; classtype:trojan-activity;sid:84354830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491731)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491731/; classtype:trojan-activity;sid:84354831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491721)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491721/; classtype:trojan-activity;sid:84354821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.99.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491720/; classtype:trojan-activity;sid:84354820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491717)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491717/; classtype:trojan-activity;sid:84354817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491718)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491718/; classtype:trojan-activity;sid:84354818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491719)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491719/; classtype:trojan-activity;sid:84354819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.47.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491716/; classtype:trojan-activity;sid:84354816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.247.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491715/; classtype:trojan-activity;sid:84354815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491713)"; flow:established,from_client; content:"GET"; http_method; content:"/ndknd/synapsex/releases/download/v1.4.6-alpha.3/synapsex_v1.4.6-alpha.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491713/; classtype:trojan-activity;sid:84354813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491714/; classtype:trojan-activity;sid:84354814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.157.184.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491712/; classtype:trojan-activity;sid:84354812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491711)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/2222.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.151.62.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491711/; classtype:trojan-activity;sid:84354811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.59.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491710/; classtype:trojan-activity;sid:84354810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.19.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491709/; classtype:trojan-activity;sid:84354809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491707/; classtype:trojan-activity;sid:84354807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.68.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491708/; classtype:trojan-activity;sid:84354808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.52.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491706/; classtype:trojan-activity;sid:84354806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491705/; classtype:trojan-activity;sid:84354805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491692/; classtype:trojan-activity;sid:84354792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491693/; classtype:trojan-activity;sid:84354793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491694/; classtype:trojan-activity;sid:84354794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491695/; classtype:trojan-activity;sid:84354795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491696/; classtype:trojan-activity;sid:84354796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491697/; classtype:trojan-activity;sid:84354797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491698/; classtype:trojan-activity;sid:84354798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491699/; classtype:trojan-activity;sid:84354799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491700/; classtype:trojan-activity;sid:84354800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491701/; classtype:trojan-activity;sid:84354801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491702/; classtype:trojan-activity;sid:84354802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491703)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491703/; classtype:trojan-activity;sid:84354803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491704/; classtype:trojan-activity;sid:84354804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491691)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491691/; classtype:trojan-activity;sid:84354791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491689)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491689/; classtype:trojan-activity;sid:84354789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491690)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491690/; classtype:trojan-activity;sid:84354790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.x64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491675/; classtype:trojan-activity;sid:84354775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491676)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491676/; classtype:trojan-activity;sid:84354776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491677)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491677/; classtype:trojan-activity;sid:84354777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491678)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491678/; classtype:trojan-activity;sid:84354778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491679)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491679/; classtype:trojan-activity;sid:84354779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491680)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491680/; classtype:trojan-activity;sid:84354780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491681)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491681/; classtype:trojan-activity;sid:84354781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491682)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491682/; classtype:trojan-activity;sid:84354782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491683)"; flow:established,from_client; content:"GET"; http_method; content:"/x64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491683/; classtype:trojan-activity;sid:84354783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491684)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491684/; classtype:trojan-activity;sid:84354784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491685)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491685/; classtype:trojan-activity;sid:84354785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491686)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491686/; classtype:trojan-activity;sid:84354786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491687)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491687/; classtype:trojan-activity;sid:84354787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visionproxy.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491688/; classtype:trojan-activity;sid:84354788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491673)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491673/; classtype:trojan-activity;sid:84354773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491674)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491674/; classtype:trojan-activity;sid:84354774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491670)"; flow:established,from_client; content:"GET"; http_method; content:"/kshitijborawake/pet-simulator-99-dupe-gui/releases/download/3.1.0/pet-simulator-99-dupe-gui-v3.1.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491670/; classtype:trojan-activity;sid:84354770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491671/; classtype:trojan-activity;sid:84354771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.169.96.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491672/; classtype:trojan-activity;sid:84354772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491654/; classtype:trojan-activity;sid:84354754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491655/; classtype:trojan-activity;sid:84354755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491656/; classtype:trojan-activity;sid:84354756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491657)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491657/; classtype:trojan-activity;sid:84354757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491658/; classtype:trojan-activity;sid:84354758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491659)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491659/; classtype:trojan-activity;sid:84354759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491660/; classtype:trojan-activity;sid:84354760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491661)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491661/; classtype:trojan-activity;sid:84354761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491662)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491662/; classtype:trojan-activity;sid:84354762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491663)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491663/; classtype:trojan-activity;sid:84354763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491664)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491664/; classtype:trojan-activity;sid:84354764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491665)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491665/; classtype:trojan-activity;sid:84354765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nuklear.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491666/; classtype:trojan-activity;sid:84354766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491667)"; flow:established,from_client; content:"GET"; http_method; content:"/x64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491667/; classtype:trojan-activity;sid:84354767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491668)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491668/; classtype:trojan-activity;sid:84354768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.16.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491669/; classtype:trojan-activity;sid:84354769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491653)"; flow:established,from_client; content:"GET"; http_method; content:"/hassan-be/pet-simulator-99-dupe-gui/releases/download/newmarket/pet-simulator-99-dupe-gui-newmarket.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491653/; classtype:trojan-activity;sid:84354753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491647)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491647/; classtype:trojan-activity;sid:84354747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491648)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491648/; classtype:trojan-activity;sid:84354748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491649)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491649/; classtype:trojan-activity;sid:84354749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491650)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491650/; classtype:trojan-activity;sid:84354750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491651)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491651/; classtype:trojan-activity;sid:84354751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491652)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491652/; classtype:trojan-activity;sid:84354752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491639)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491639/; classtype:trojan-activity;sid:84354739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491640)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491640/; classtype:trojan-activity;sid:84354740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491641)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491641/; classtype:trojan-activity;sid:84354741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491642)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491642/; classtype:trojan-activity;sid:84354742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491643)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491643/; classtype:trojan-activity;sid:84354743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491644)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491644/; classtype:trojan-activity;sid:84354744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491645)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491645/; classtype:trojan-activity;sid:84354745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.148.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491646/; classtype:trojan-activity;sid:84354746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491634)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491634/; classtype:trojan-activity;sid:84354734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491635)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491635/; classtype:trojan-activity;sid:84354735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491636)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491636/; classtype:trojan-activity;sid:84354736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491637)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491637/; classtype:trojan-activity;sid:84354737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491638)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491638/; classtype:trojan-activity;sid:84354738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491633/; classtype:trojan-activity;sid:84354733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491629)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491629/; classtype:trojan-activity;sid:84354729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491630)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491630/; classtype:trojan-activity;sid:84354730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491631)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491631/; classtype:trojan-activity;sid:84354731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491632)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491632/; classtype:trojan-activity;sid:84354732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491628)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"persimmon-turquoise344028.vm-host.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491628/; classtype:trojan-activity;sid:84354728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491627)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491627/; classtype:trojan-activity;sid:84354727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491624)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491624/; classtype:trojan-activity;sid:84354724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491625)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491625/; classtype:trojan-activity;sid:84354725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491626)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491626/; classtype:trojan-activity;sid:84354726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491618)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491618/; classtype:trojan-activity;sid:84354718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491619)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491619/; classtype:trojan-activity;sid:84354719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491620)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491620/; classtype:trojan-activity;sid:84354720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491621)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491621/; classtype:trojan-activity;sid:84354721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491622)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491622/; classtype:trojan-activity;sid:84354722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491623)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.152.43.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491623/; classtype:trojan-activity;sid:84354723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491616)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491616/; classtype:trojan-activity;sid:84354716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491617)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491617/; classtype:trojan-activity;sid:84354717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491615)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491615/; classtype:trojan-activity;sid:84354715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491607)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491607/; classtype:trojan-activity;sid:84354707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491608)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491608/; classtype:trojan-activity;sid:84354708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491609)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491609/; classtype:trojan-activity;sid:84354709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491610)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491610/; classtype:trojan-activity;sid:84354710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491611)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491611/; classtype:trojan-activity;sid:84354711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491612)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491612/; classtype:trojan-activity;sid:84354712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491613)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491613/; classtype:trojan-activity;sid:84354713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491614)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491614/; classtype:trojan-activity;sid:84354714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491606)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491606/; classtype:trojan-activity;sid:84354706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491604)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491604/; classtype:trojan-activity;sid:84354704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491605)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ftp.test.one.v24.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491605/; classtype:trojan-activity;sid:84354705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491603)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491603/; classtype:trojan-activity;sid:84354703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491602)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491602/; classtype:trojan-activity;sid:84354702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491599)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491599/; classtype:trojan-activity;sid:84354699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491600)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491600/; classtype:trojan-activity;sid:84354700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491601)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491601/; classtype:trojan-activity;sid:84354701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491594)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491594/; classtype:trojan-activity;sid:84354694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491595)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491595/; classtype:trojan-activity;sid:84354695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491596)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491596/; classtype:trojan-activity;sid:84354696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491597)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491597/; classtype:trojan-activity;sid:84354697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491598)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491598/; classtype:trojan-activity;sid:84354698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491592)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491592/; classtype:trojan-activity;sid:84354692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491593)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491593/; classtype:trojan-activity;sid:84354693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491590)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491590/; classtype:trojan-activity;sid:84354690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491591)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491591/; classtype:trojan-activity;sid:84354691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.80.164.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491589/; classtype:trojan-activity;sid:84354689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491588/; classtype:trojan-activity;sid:84354688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491584)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491584/; classtype:trojan-activity;sid:84354684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491585)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491585/; classtype:trojan-activity;sid:84354685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491586)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491586/; classtype:trojan-activity;sid:84354686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491587/; classtype:trojan-activity;sid:84354687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491581/; classtype:trojan-activity;sid:84354681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491582/; classtype:trojan-activity;sid:84354682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491583/; classtype:trojan-activity;sid:84354683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491578/; classtype:trojan-activity;sid:84354678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491579/; classtype:trojan-activity;sid:84354679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491580/; classtype:trojan-activity;sid:84354680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491576)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491576/; classtype:trojan-activity;sid:84354676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"212.64.199.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491577/; classtype:trojan-activity;sid:84354677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.230.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491575/; classtype:trojan-activity;sid:84354675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491574/; classtype:trojan-activity;sid:84354674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.19.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491572/; classtype:trojan-activity;sid:84354672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491573/; classtype:trojan-activity;sid:84354673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491571)"; flow:established,from_client; content:"GET"; http_method; content:"/ekrem7138/pet-simulator-99-dupe-gui/releases/download/3.4.8/pet-simulator-99-dupe-gui-3.4.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491571/; classtype:trojan-activity;sid:84354671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491570/; classtype:trojan-activity;sid:84354670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491569)"; flow:established,from_client; content:"GET"; http_method; content:"/0g7lvnoe9d.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491569/; classtype:trojan-activity;sid:84354669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.157.184.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491568/; classtype:trojan-activity;sid:84354668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491567/; classtype:trojan-activity;sid:84354667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.220.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491566/; classtype:trojan-activity;sid:84354666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.214.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491565/; classtype:trojan-activity;sid:84354665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491564/; classtype:trojan-activity;sid:84354664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.105.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491563/; classtype:trojan-activity;sid:84354663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.148.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491562/; classtype:trojan-activity;sid:84354662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.68.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491561/; classtype:trojan-activity;sid:84354661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.253.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491560/; classtype:trojan-activity;sid:84354660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.1.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491559/; classtype:trojan-activity;sid:84354659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.27.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491558/; classtype:trojan-activity;sid:84354658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491556/; classtype:trojan-activity;sid:84354656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.220.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491557/; classtype:trojan-activity;sid:84354657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.17.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491555/; classtype:trojan-activity;sid:84354655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491554)"; flow:established,from_client; content:"GET"; http_method; content:"/gayfjlover/tracex-hwid-spoofer-de/releases/download/v1.6.6/tracex-hwid-spoofer-de_v1.6.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491554/; classtype:trojan-activity;sid:84354654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491552/; classtype:trojan-activity;sid:84354652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.9.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491553/; classtype:trojan-activity;sid:84354653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.186.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491550/; classtype:trojan-activity;sid:84354650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491551)"; flow:established,from_client; content:"GET"; http_method; content:"/naydigital/tracex-hwid-spoofer-de/releases/download/v2.5.2/tracex-hwid-spoofer-de-v2.5.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491551/; classtype:trojan-activity;sid:84354651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491548/; classtype:trojan-activity;sid:84354648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.15.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491549/; classtype:trojan-activity;sid:84354649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491547/; classtype:trojan-activity;sid:84354647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.253.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491546/; classtype:trojan-activity;sid:84354646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.230.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491545/; classtype:trojan-activity;sid:84354645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.22.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491544/; classtype:trojan-activity;sid:84354644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.224.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491543/; classtype:trojan-activity;sid:84354643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491542/; classtype:trojan-activity;sid:84354642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.186.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491541/; classtype:trojan-activity;sid:84354641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.156.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491540/; classtype:trojan-activity;sid:84354640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.15.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491539/; classtype:trojan-activity;sid:84354639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491538/; classtype:trojan-activity;sid:84354638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491537)"; flow:established,from_client; content:"GET"; http_method; content:"/tnz2fpi4go.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491537/; classtype:trojan-activity;sid:84354637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.253.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491535/; classtype:trojan-activity;sid:84354635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.109.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491536/; classtype:trojan-activity;sid:84354636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.140.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491534/; classtype:trojan-activity;sid:84354634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491533/; classtype:trojan-activity;sid:84354633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491532/; classtype:trojan-activity;sid:84354632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.17.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491531/; classtype:trojan-activity;sid:84354631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.203.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491530/; classtype:trojan-activity;sid:84354630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.202.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491529/; classtype:trojan-activity;sid:84354629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.253.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491528/; classtype:trojan-activity;sid:84354628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.120.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491527/; classtype:trojan-activity;sid:84354627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.129.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491526/; classtype:trojan-activity;sid:84354626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491525/; classtype:trojan-activity;sid:84354625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.140.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491524/; classtype:trojan-activity;sid:84354624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491523/; classtype:trojan-activity;sid:84354623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.212.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491522/; classtype:trojan-activity;sid:84354622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.203.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491521/; classtype:trojan-activity;sid:84354621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491520/; classtype:trojan-activity;sid:84354620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.188.13.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491519/; classtype:trojan-activity;sid:84354619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.219.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491518/; classtype:trojan-activity;sid:84354618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.57.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491517/; classtype:trojan-activity;sid:84354617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491516/; classtype:trojan-activity;sid:84354616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.71.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491515/; classtype:trojan-activity;sid:84354615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.219.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491513/; classtype:trojan-activity;sid:84354613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.216.179.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491514/; classtype:trojan-activity;sid:84354614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.152.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491512/; classtype:trojan-activity;sid:84354612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491511/; classtype:trojan-activity;sid:84354611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491510/; classtype:trojan-activity;sid:84354610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.34.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491509/; classtype:trojan-activity;sid:84354609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491508)"; flow:established,from_client; content:"GET"; http_method; content:"/edo34vz81u.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491508/; classtype:trojan-activity;sid:84354608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491507/; classtype:trojan-activity;sid:84354607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.6.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491506/; classtype:trojan-activity;sid:84354606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.57.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491505/; classtype:trojan-activity;sid:84354605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.197.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491504/; classtype:trojan-activity;sid:84354604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491503/; classtype:trojan-activity;sid:84354603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.193.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491502/; classtype:trojan-activity;sid:84354602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.216.179.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491501/; classtype:trojan-activity;sid:84354601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.123.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491500/; classtype:trojan-activity;sid:84354600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.197.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491499/; classtype:trojan-activity;sid:84354599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.81.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491498/; classtype:trojan-activity;sid:84354598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.6.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491497/; classtype:trojan-activity;sid:84354597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.26.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491496/; classtype:trojan-activity;sid:84354596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.151.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491495/; classtype:trojan-activity;sid:84354595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491494/; classtype:trojan-activity;sid:84354594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.193.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491493/; classtype:trojan-activity;sid:84354593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491492/; classtype:trojan-activity;sid:84354592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491490/; classtype:trojan-activity;sid:84354590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.175.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491491/; classtype:trojan-activity;sid:84354591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.26.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491489/; classtype:trojan-activity;sid:84354589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.121.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491488/; classtype:trojan-activity;sid:84354588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.207.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491487/; classtype:trojan-activity;sid:84354587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.151.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491486/; classtype:trojan-activity;sid:84354586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491485)"; flow:established,from_client; content:"GET"; http_method; content:"/70el774tlm.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491485/; classtype:trojan-activity;sid:84354585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.45.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491484/; classtype:trojan-activity;sid:84354584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.186.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491483/; classtype:trojan-activity;sid:84354583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491482/; classtype:trojan-activity;sid:84354582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.255.176.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491481/; classtype:trojan-activity;sid:84354581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.248.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491478/; classtype:trojan-activity;sid:84354578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.148.108.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491479/; classtype:trojan-activity;sid:84354579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491480/; classtype:trojan-activity;sid:84354580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491477/; classtype:trojan-activity;sid:84354577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.144.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491476/; classtype:trojan-activity;sid:84354576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491475)"; flow:established,from_client; content:"GET"; http_method; content:"/zd/arm7|3f|"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491475/; classtype:trojan-activity;sid:84354575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.251.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491474/; classtype:trojan-activity;sid:84354574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.90.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491473/; classtype:trojan-activity;sid:84354573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491467)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491467/; classtype:trojan-activity;sid:84354567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491468)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491468/; classtype:trojan-activity;sid:84354568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491469/; classtype:trojan-activity;sid:84354569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491470)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491470/; classtype:trojan-activity;sid:84354570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491471)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491471/; classtype:trojan-activity;sid:84354571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491472)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491472/; classtype:trojan-activity;sid:84354572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491466)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.142.53.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491466/; classtype:trojan-activity;sid:84354566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.239.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491465/; classtype:trojan-activity;sid:84354565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.148.108.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491464/; classtype:trojan-activity;sid:84354564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.45.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491463/; classtype:trojan-activity;sid:84354563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.15.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491462/; classtype:trojan-activity;sid:84354562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491461/; classtype:trojan-activity;sid:84354561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.166.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491460/; classtype:trojan-activity;sid:84354560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.228.189.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491458/; classtype:trojan-activity;sid:84354558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491459/; classtype:trojan-activity;sid:84354559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.251.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491457/; classtype:trojan-activity;sid:84354557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491456/; classtype:trojan-activity;sid:84354556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.68.235.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491455/; classtype:trojan-activity;sid:84354555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491454/; classtype:trojan-activity;sid:84354554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491453/; classtype:trojan-activity;sid:84354553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.229.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491452/; classtype:trojan-activity;sid:84354552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.167.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491451/; classtype:trojan-activity;sid:84354551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491450/; classtype:trojan-activity;sid:84354550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491448/; classtype:trojan-activity;sid:84354548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491449/; classtype:trojan-activity;sid:84354549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.166.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491447/; classtype:trojan-activity;sid:84354547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.31.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491446/; classtype:trojan-activity;sid:84354546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491445/; classtype:trojan-activity;sid:84354545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.189.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491444/; classtype:trojan-activity;sid:84354544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.235.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491443/; classtype:trojan-activity;sid:84354543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.23.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491442/; classtype:trojan-activity;sid:84354542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.100.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491441/; classtype:trojan-activity;sid:84354541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491440)"; flow:established,from_client; content:"GET"; http_method; content:"/pfzdz4es0a.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491440/; classtype:trojan-activity;sid:84354540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491439/; classtype:trojan-activity;sid:84354539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491438/; classtype:trojan-activity;sid:84354538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.107.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491437/; classtype:trojan-activity;sid:84354537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.136.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491436/; classtype:trojan-activity;sid:84354536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491435/; classtype:trojan-activity;sid:84354535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491434/; classtype:trojan-activity;sid:84354534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.149.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491433/; classtype:trojan-activity;sid:84354533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.77.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491432/; classtype:trojan-activity;sid:84354532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491431/; classtype:trojan-activity;sid:84354531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491430/; classtype:trojan-activity;sid:84354530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491429/; classtype:trojan-activity;sid:84354529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.107.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491428/; classtype:trojan-activity;sid:84354528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491427/; classtype:trojan-activity;sid:84354527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.100.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491426/; classtype:trojan-activity;sid:84354526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491425/; classtype:trojan-activity;sid:84354525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491424/; classtype:trojan-activity;sid:84354524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.178.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491423/; classtype:trojan-activity;sid:84354523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.149.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491422/; classtype:trojan-activity;sid:84354522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491421)"; flow:established,from_client; content:"GET"; http_method; content:"/hanoi.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.50.240.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491421/; classtype:trojan-activity;sid:84354521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.33.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491420/; classtype:trojan-activity;sid:84354520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.77.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491419/; classtype:trojan-activity;sid:84354519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491418/; classtype:trojan-activity;sid:84354518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.227.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491417/; classtype:trojan-activity;sid:84354517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.244.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491416/; classtype:trojan-activity;sid:84354516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491415/; classtype:trojan-activity;sid:84354515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491414/; classtype:trojan-activity;sid:84354514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491413/; classtype:trojan-activity;sid:84354513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491412/; classtype:trojan-activity;sid:84354512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.209.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491410/; classtype:trojan-activity;sid:84354510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491411/; classtype:trojan-activity;sid:84354511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491409/; classtype:trojan-activity;sid:84354509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.236.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491408/; classtype:trojan-activity;sid:84354508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.126.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491407/; classtype:trojan-activity;sid:84354507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.240.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491406/; classtype:trojan-activity;sid:84354506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.167.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491405/; classtype:trojan-activity;sid:84354505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.227.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491404/; classtype:trojan-activity;sid:84354504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491403/; classtype:trojan-activity;sid:84354503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491402)"; flow:established,from_client; content:"GET"; http_method; content:"/cmfjy8mren.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491402/; classtype:trojan-activity;sid:84354502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491401/; classtype:trojan-activity;sid:84354501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.7.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491400/; classtype:trojan-activity;sid:84354500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491399)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"music.homesalemedia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491399/; classtype:trojan-activity;sid:84354499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.50.70.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491398/; classtype:trojan-activity;sid:84354498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491397/; classtype:trojan-activity;sid:84354497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491396/; classtype:trojan-activity;sid:84354496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491395/; classtype:trojan-activity;sid:84354495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.190.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491393/; classtype:trojan-activity;sid:84354493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.172.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491394/; classtype:trojan-activity;sid:84354494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491392/; classtype:trojan-activity;sid:84354492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491391/; classtype:trojan-activity;sid:84354491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.73.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491390/; classtype:trojan-activity;sid:84354490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.3.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491389/; classtype:trojan-activity;sid:84354489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.82.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491388/; classtype:trojan-activity;sid:84354488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.247.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491387/; classtype:trojan-activity;sid:84354487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.50.70.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491386/; classtype:trojan-activity;sid:84354486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.164.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491385/; classtype:trojan-activity;sid:84354485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491384/; classtype:trojan-activity;sid:84354484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.23.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491383/; classtype:trojan-activity;sid:84354483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.97.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491382/; classtype:trojan-activity;sid:84354482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491381/; classtype:trojan-activity;sid:84354481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.172.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491380/; classtype:trojan-activity;sid:84354480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.190.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491379/; classtype:trojan-activity;sid:84354479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.3.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491378/; classtype:trojan-activity;sid:84354478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491377/; classtype:trojan-activity;sid:84354477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491376/; classtype:trojan-activity;sid:84354476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.88.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491374/; classtype:trojan-activity;sid:84354474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.53.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491375/; classtype:trojan-activity;sid:84354475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.50.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491373/; classtype:trojan-activity;sid:84354473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.136.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491372/; classtype:trojan-activity;sid:84354472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491371)"; flow:established,from_client; content:"GET"; http_method; content:"/zbgfke7glu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491371/; classtype:trojan-activity;sid:84354471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.65.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491370/; classtype:trojan-activity;sid:84354470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.191.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491369/; classtype:trojan-activity;sid:84354469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.97.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491368/; classtype:trojan-activity;sid:84354468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491367)"; flow:established,from_client; content:"GET"; http_method; content:"/visa%20secured.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"visasecurity.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491367/; classtype:trojan-activity;sid:84354467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.88.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491366/; classtype:trojan-activity;sid:84354466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.50.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491365/; classtype:trojan-activity;sid:84354465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.109.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491364/; classtype:trojan-activity;sid:84354464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.252.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491363/; classtype:trojan-activity;sid:84354463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491362/; classtype:trojan-activity;sid:84354462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491361/; classtype:trojan-activity;sid:84354461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491360/; classtype:trojan-activity;sid:84354460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.132.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491359/; classtype:trojan-activity;sid:84354459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.191.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491358/; classtype:trojan-activity;sid:84354458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.109.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491357/; classtype:trojan-activity;sid:84354457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491356/; classtype:trojan-activity;sid:84354456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.132.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491355/; classtype:trojan-activity;sid:84354455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.205.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491354/; classtype:trojan-activity;sid:84354454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.252.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491353/; classtype:trojan-activity;sid:84354453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.187.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491352/; classtype:trojan-activity;sid:84354452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.25.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491351/; classtype:trojan-activity;sid:84354451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491350/; classtype:trojan-activity;sid:84354450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.17.157"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491349/; classtype:trojan-activity;sid:84354449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491348)"; flow:established,from_client; content:"GET"; http_method; content:"/qz2p8ep8g1.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491348/; classtype:trojan-activity;sid:84354448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.198.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491347/; classtype:trojan-activity;sid:84354447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491346/; classtype:trojan-activity;sid:84354446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491344/; classtype:trojan-activity;sid:84354444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.171.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491345/; classtype:trojan-activity;sid:84354445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.175.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491343/; classtype:trojan-activity;sid:84354443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.254.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491342/; classtype:trojan-activity;sid:84354442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.126.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491341/; classtype:trojan-activity;sid:84354441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.123.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491340/; classtype:trojan-activity;sid:84354440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.19.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491339/; classtype:trojan-activity;sid:84354439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491338/; classtype:trojan-activity;sid:84354438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.82.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491337/; classtype:trojan-activity;sid:84354437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.138.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491336/; classtype:trojan-activity;sid:84354436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491332)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/successfulpayment.pif"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491332/; classtype:trojan-activity;sid:84354432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491333)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/successfullpayment.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491333/; classtype:trojan-activity;sid:84354433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491334)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/successfullpaymentts.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491334/; classtype:trojan-activity;sid:84354434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491335)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/tarksloader.hta"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491335/; classtype:trojan-activity;sid:84354435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491329)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/photoshopsetup.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491329/; classtype:trojan-activity;sid:84354429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491330)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/adobe_photoshopsetups.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491330/; classtype:trojan-activity;sid:84354430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491331)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/windows.bat"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491331/; classtype:trojan-activity;sid:84354431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491328)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/successfullpaymenttt.pdf.pif"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491328/; classtype:trojan-activity;sid:84354428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491326)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/successfulpayment.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491326/; classtype:trojan-activity;sid:84354426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491327)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/photoshopsetup.rar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491327/; classtype:trojan-activity;sid:84354427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491325)"; flow:established,from_client; content:"GET"; http_method; content:"/70/smss.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.123.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491325/; classtype:trojan-activity;sid:84354425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.82.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491324/; classtype:trojan-activity;sid:84354424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.156.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491323/; classtype:trojan-activity;sid:84354423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491321)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/successfullpayment.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491321/; classtype:trojan-activity;sid:84354421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491322)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/successfullpaymentts.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491322/; classtype:trojan-activity;sid:84354422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.45.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491320/; classtype:trojan-activity;sid:84354420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491313)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/photoshopsetup.rar"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491313/; classtype:trojan-activity;sid:84354413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491314)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/photoshopsetup.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491314/; classtype:trojan-activity;sid:84354414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491315)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/tarksloader.hta"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491315/; classtype:trojan-activity;sid:84354415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491316)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/windows.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491316/; classtype:trojan-activity;sid:84354416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491317)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/system.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491317/; classtype:trojan-activity;sid:84354417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491318)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/successfullpaymenttt.pdf.pif"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491318/; classtype:trojan-activity;sid:84354418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491319)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/successfulpayment.pif"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491319/; classtype:trojan-activity;sid:84354419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491311)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/successfulpayment.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491311/; classtype:trojan-activity;sid:84354411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491312)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/blob/main/adobe_photoshopsetups.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491312/; classtype:trojan-activity;sid:84354412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491310)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/raw/refs/heads/main/system.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491310/; classtype:trojan-activity;sid:84354410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.171.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491309/; classtype:trojan-activity;sid:84354409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.25.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491308/; classtype:trojan-activity;sid:84354408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.19.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491307/; classtype:trojan-activity;sid:84354407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.254.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491306/; classtype:trojan-activity;sid:84354406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491305/; classtype:trojan-activity;sid:84354405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.193.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491304/; classtype:trojan-activity;sid:84354404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.156.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491303/; classtype:trojan-activity;sid:84354403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491298/; classtype:trojan-activity;sid:84354398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491299/; classtype:trojan-activity;sid:84354399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491300/; classtype:trojan-activity;sid:84354400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.79.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491301/; classtype:trojan-activity;sid:84354401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.181.64.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491302/; classtype:trojan-activity;sid:84354402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.15.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491297/; classtype:trojan-activity;sid:84354397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491295/; classtype:trojan-activity;sid:84354395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.144.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491296/; classtype:trojan-activity;sid:84354396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491294/; classtype:trojan-activity;sid:84354394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.124.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491293/; classtype:trojan-activity;sid:84354393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.82.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491292/; classtype:trojan-activity;sid:84354392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491291)"; flow:established,from_client; content:"GET"; http_method; content:"/0dyn3ztvbx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491291/; classtype:trojan-activity;sid:84354391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.99.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491290/; classtype:trojan-activity;sid:84354390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491289)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.quzis.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491289/; classtype:trojan-activity;sid:84354389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.251.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491288/; classtype:trojan-activity;sid:84354388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491287)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nmo/givemebestthingsforgivemebest.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"172.245.123.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491287/; classtype:trojan-activity;sid:84354387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491286)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nicehome/goodgirlwithbestbattingwithgoodthings.hta"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"209.46.124.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491286/; classtype:trojan-activity;sid:84354386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491284)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kno/globalshippingservice.hta"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"107.174.231.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491284/; classtype:trojan-activity;sid:84354384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491285)"; flow:established,from_client; content:"GET"; http_method; content:"/bestkissingdayswithgreatnicebeautygirlsareound.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"192.3.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491285/; classtype:trojan-activity;sid:84354385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491283)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/dvine/devinebestangelcameonearthwitblessnigentiretiem.hta"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"209.46.124.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491283/; classtype:trojan-activity;sid:84354383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491282)"; flow:established,from_client; content:"GET"; http_method; content:"/d/stwpvcme"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491282/; classtype:trojan-activity;sid:84354382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491281)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491281/; classtype:trojan-activity;sid:84354381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491280)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491280/; classtype:trojan-activity;sid:84354380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491269)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491269/; classtype:trojan-activity;sid:84354369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491270)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491270/; classtype:trojan-activity;sid:84354370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491271)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491271/; classtype:trojan-activity;sid:84354371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491272)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491272/; classtype:trojan-activity;sid:84354372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491273)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491273/; classtype:trojan-activity;sid:84354373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491274)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491274/; classtype:trojan-activity;sid:84354374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491275)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491275/; classtype:trojan-activity;sid:84354375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491276)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491276/; classtype:trojan-activity;sid:84354376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491277)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491277/; classtype:trojan-activity;sid:84354377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491278)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491278/; classtype:trojan-activity;sid:84354378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491279)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.11.229.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491279/; classtype:trojan-activity;sid:84354379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.88.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491268/; classtype:trojan-activity;sid:84354368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.122.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491267/; classtype:trojan-activity;sid:84354367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.230.66.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491265/; classtype:trojan-activity;sid:84354365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.99.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491266/; classtype:trojan-activity;sid:84354366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491264/; classtype:trojan-activity;sid:84354364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491263)"; flow:established,from_client; content:"GET"; http_method; content:"/d/wfpytjbe/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491263/; classtype:trojan-activity;sid:84354363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.88.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491262/; classtype:trojan-activity;sid:84354362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.87.1.227"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491261/; classtype:trojan-activity;sid:84354361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491260)"; flow:established,from_client; content:"GET"; http_method; content:"/d/u9b5jimh/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491260/; classtype:trojan-activity;sid:84354360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491259)"; flow:established,from_client; content:"GET"; http_method; content:"/file/loader.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.nawatbsc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491259/; classtype:trojan-activity;sid:84354359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491258)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.higuh.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491258/; classtype:trojan-activity;sid:84354358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.9.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491257/; classtype:trojan-activity;sid:84354357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.122.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491256/; classtype:trojan-activity;sid:84354356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.65.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491255/; classtype:trojan-activity;sid:84354355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491244)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491244/; classtype:trojan-activity;sid:84354344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491245)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491245/; classtype:trojan-activity;sid:84354345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491246)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491246/; classtype:trojan-activity;sid:84354346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491247)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491247/; classtype:trojan-activity;sid:84354347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491248)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491248/; classtype:trojan-activity;sid:84354348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491249)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491249/; classtype:trojan-activity;sid:84354349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491250)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491250/; classtype:trojan-activity;sid:84354350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491251)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491251/; classtype:trojan-activity;sid:84354351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491252)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491252/; classtype:trojan-activity;sid:84354352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491253)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491253/; classtype:trojan-activity;sid:84354353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491254)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491254/; classtype:trojan-activity;sid:84354354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491243)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public64.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"lmaobox.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491243/; classtype:trojan-activity;sid:84354343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491242/; classtype:trojan-activity;sid:84354342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.62.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491241/; classtype:trojan-activity;sid:84354341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.212.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491240/; classtype:trojan-activity;sid:84354340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491239/; classtype:trojan-activity;sid:84354339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.235.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491238/; classtype:trojan-activity;sid:84354338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491237)"; flow:established,from_client; content:"GET"; http_method; content:"/2kp21zf8p4.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491237/; classtype:trojan-activity;sid:84354337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.61.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491236/; classtype:trojan-activity;sid:84354336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.149.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491235/; classtype:trojan-activity;sid:84354335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.168.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491234/; classtype:trojan-activity;sid:84354334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491233/; classtype:trojan-activity;sid:84354333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.90.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491232/; classtype:trojan-activity;sid:84354332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.9.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491231/; classtype:trojan-activity;sid:84354331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.155.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491230/; classtype:trojan-activity;sid:84354330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.164.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491229/; classtype:trojan-activity;sid:84354329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.25.235.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491228/; classtype:trojan-activity;sid:84354328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.90.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491227/; classtype:trojan-activity;sid:84354327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.29.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491226/; classtype:trojan-activity;sid:84354326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.24.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491225/; classtype:trojan-activity;sid:84354325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.149.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491224/; classtype:trojan-activity;sid:84354324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.95.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491223/; classtype:trojan-activity;sid:84354323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491222)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.vased.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491222/; classtype:trojan-activity;sid:84354322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491221/; classtype:trojan-activity;sid:84354321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.1.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491220/; classtype:trojan-activity;sid:84354320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.155.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491219/; classtype:trojan-activity;sid:84354319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491218/; classtype:trojan-activity;sid:84354318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.61.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491217/; classtype:trojan-activity;sid:84354317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.7.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491215/; classtype:trojan-activity;sid:84354315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491216/; classtype:trojan-activity;sid:84354316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491214)"; flow:established,from_client; content:"GET"; http_method; content:"/361/surme/makesureyoureallywanttokissmefromtheheartbeat_______makesureyoureallywanttokissmefromtheheartbeat_________makesureyoureallywanttokissmefromtheheartbeat.doc"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"216.9.227.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491214/; classtype:trojan-activity;sid:84354314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491212)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/comi/creatingbestthingsforhisbeststepstotakehim.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"209.46.124.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491212/; classtype:trojan-activity;sid:84354312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.80.25.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491213/; classtype:trojan-activity;sid:84354313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491211)"; flow:established,from_client; content:"GET"; http_method; content:"/download/public.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"lmaobox.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491211/; classtype:trojan-activity;sid:84354311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491210)"; flow:established,from_client; content:"GET"; http_method; content:"/file/omny2iqd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491210/; classtype:trojan-activity;sid:84354310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491208)"; flow:established,from_client; content:"GET"; http_method; content:"/4edmsg4off.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491208/; classtype:trojan-activity;sid:84354308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491209)"; flow:established,from_client; content:"GET"; http_method; content:"/zbrjapvfdygwxysq171.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"95.211.44.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491209/; classtype:trojan-activity;sid:84354309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491207/; classtype:trojan-activity;sid:84354307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.163.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491206/; classtype:trojan-activity;sid:84354306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.145.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491205/; classtype:trojan-activity;sid:84354305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.67.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491204/; classtype:trojan-activity;sid:84354304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"con.wolonman.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491203/; classtype:trojan-activity;sid:84354303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491202/; classtype:trojan-activity;sid:84354302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.7.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491201/; classtype:trojan-activity;sid:84354301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491200/; classtype:trojan-activity;sid:84354300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.140.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491199/; classtype:trojan-activity;sid:84354299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.113.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491198/; classtype:trojan-activity;sid:84354298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.145.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491197/; classtype:trojan-activity;sid:84354297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.163.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491196/; classtype:trojan-activity;sid:84354296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491195/; classtype:trojan-activity;sid:84354295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.140.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491194/; classtype:trojan-activity;sid:84354294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.67.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491193/; classtype:trojan-activity;sid:84354293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491192/; classtype:trojan-activity;sid:84354292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.10.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491191/; classtype:trojan-activity;sid:84354291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491190/; classtype:trojan-activity;sid:84354290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491189/; classtype:trojan-activity;sid:84354289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.113.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491188/; classtype:trojan-activity;sid:84354288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491187)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.101.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491187/; classtype:trojan-activity;sid:84354287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491183)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.23.3.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491183/; classtype:trojan-activity;sid:84354283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491184)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.239.81.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491184/; classtype:trojan-activity;sid:84354284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.241.210.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491185/; classtype:trojan-activity;sid:84354285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491186)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.205.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491186/; classtype:trojan-activity;sid:84354286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491180)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491180/; classtype:trojan-activity;sid:84354280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491181)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.3.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491181/; classtype:trojan-activity;sid:84354281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491182)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.165.173.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491182/; classtype:trojan-activity;sid:84354282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491173)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491173/; classtype:trojan-activity;sid:84354273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491174)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.161.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491174/; classtype:trojan-activity;sid:84354274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491175)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.23.62.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491175/; classtype:trojan-activity;sid:84354275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491176)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491176/; classtype:trojan-activity;sid:84354276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491177)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"152.172.152.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491177/; classtype:trojan-activity;sid:84354277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491178)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.23.62.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491178/; classtype:trojan-activity;sid:84354278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.144.159.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491179/; classtype:trojan-activity;sid:84354279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491168)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.144.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491168/; classtype:trojan-activity;sid:84354268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491169)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.164.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491169/; classtype:trojan-activity;sid:84354269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.5.243.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491170/; classtype:trojan-activity;sid:84354270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491171)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.148.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491171/; classtype:trojan-activity;sid:84354271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491172)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491172/; classtype:trojan-activity;sid:84354272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.51.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491166/; classtype:trojan-activity;sid:84354266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491167/; classtype:trojan-activity;sid:84354267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.165.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491165/; classtype:trojan-activity;sid:84354265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.161.165.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491164/; classtype:trojan-activity;sid:84354264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491163/; classtype:trojan-activity;sid:84354263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491162/; classtype:trojan-activity;sid:84354262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.50.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491161/; classtype:trojan-activity;sid:84354261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491160)"; flow:established,from_client; content:"GET"; http_method; content:"/mvvoppevsy.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491160/; classtype:trojan-activity;sid:84354260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491159/; classtype:trojan-activity;sid:84354259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491158/; classtype:trojan-activity;sid:84354258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.65.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491157/; classtype:trojan-activity;sid:84354257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.217.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491156/; classtype:trojan-activity;sid:84354256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.138.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491155/; classtype:trojan-activity;sid:84354255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.10.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491154/; classtype:trojan-activity;sid:84354254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491153)"; flow:established,from_client; content:"GET"; http_method; content:"/gkd.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"115.233.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491153/; classtype:trojan-activity;sid:84354253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491152)"; flow:established,from_client; content:"GET"; http_method; content:"/ddc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"115.233.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491152/; classtype:trojan-activity;sid:84354252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491151)"; flow:established,from_client; content:"GET"; http_method; content:"/de.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.233.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491151/; classtype:trojan-activity;sid:84354251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491150)"; flow:established,from_client; content:"GET"; http_method; content:"/temp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"115.233.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491150/; classtype:trojan-activity;sid:84354250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.113.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491149/; classtype:trojan-activity;sid:84354249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491147)"; flow:established,from_client; content:"GET"; http_method; content:"/fjugm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jpkinki.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491147/; classtype:trojan-activity;sid:84354247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491148)"; flow:established,from_client; content:"GET"; http_method; content:"/filelesspeloader86.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"115.233.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491148/; classtype:trojan-activity;sid:84354248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.50.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491145/; classtype:trojan-activity;sid:84354245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.165.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491144/; classtype:trojan-activity;sid:84354244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.78.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491143/; classtype:trojan-activity;sid:84354243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.97.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491142/; classtype:trojan-activity;sid:84354242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.223.25.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491141/; classtype:trojan-activity;sid:84354241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491140/; classtype:trojan-activity;sid:84354240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.206.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491139/; classtype:trojan-activity;sid:84354239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491138)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.helij.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491138/; classtype:trojan-activity;sid:84354238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491137/; classtype:trojan-activity;sid:84354237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.154.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491136/; classtype:trojan-activity;sid:84354236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.169.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491135/; classtype:trojan-activity;sid:84354235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.192.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491134/; classtype:trojan-activity;sid:84354234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.220.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491133/; classtype:trojan-activity;sid:84354233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.120.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491132/; classtype:trojan-activity;sid:84354232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.220.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491131/; classtype:trojan-activity;sid:84354231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.154.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491129/; classtype:trojan-activity;sid:84354229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491130/; classtype:trojan-activity;sid:84354230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.97.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491128/; classtype:trojan-activity;sid:84354228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.140.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491126/; classtype:trojan-activity;sid:84354226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.78.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491127/; classtype:trojan-activity;sid:84354227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.206.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491125/; classtype:trojan-activity;sid:84354225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491124)"; flow:established,from_client; content:"GET"; http_method; content:"/ak6avv6n1p.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491124/; classtype:trojan-activity;sid:84354224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491123/; classtype:trojan-activity;sid:84354223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.192.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491122/; classtype:trojan-activity;sid:84354222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.192.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491121/; classtype:trojan-activity;sid:84354221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491120/; classtype:trojan-activity;sid:84354220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.140.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491119/; classtype:trojan-activity;sid:84354219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.118.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491118/; classtype:trojan-activity;sid:84354218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.3.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491117/; classtype:trojan-activity;sid:84354217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.102.173.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491116/; classtype:trojan-activity;sid:84354216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491115/; classtype:trojan-activity;sid:84354215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491114/; classtype:trojan-activity;sid:84354214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.192.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491113/; classtype:trojan-activity;sid:84354213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491112/; classtype:trojan-activity;sid:84354212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.212.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491111/; classtype:trojan-activity;sid:84354211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.219.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491110/; classtype:trojan-activity;sid:84354210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.146.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491109/; classtype:trojan-activity;sid:84354209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.118.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491108/; classtype:trojan-activity;sid:84354208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.38.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491107/; classtype:trojan-activity;sid:84354207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.102.173.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491106/; classtype:trojan-activity;sid:84354206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491105/; classtype:trojan-activity;sid:84354205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491103/; classtype:trojan-activity;sid:84354203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491104/; classtype:trojan-activity;sid:84354204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491102/; classtype:trojan-activity;sid:84354202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.38.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491101/; classtype:trojan-activity;sid:84354201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491100/; classtype:trojan-activity;sid:84354200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491099/; classtype:trojan-activity;sid:84354199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491098/; classtype:trojan-activity;sid:84354198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491097)"; flow:established,from_client; content:"GET"; http_method; content:"/4viottvkya.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491097/; classtype:trojan-activity;sid:84354197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491096/; classtype:trojan-activity;sid:84354196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.212.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491095/; classtype:trojan-activity;sid:84354195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491094/; classtype:trojan-activity;sid:84354194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491093/; classtype:trojan-activity;sid:84354193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.30.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491092/; classtype:trojan-activity;sid:84354192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491091/; classtype:trojan-activity;sid:84354191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491090/; classtype:trojan-activity;sid:84354190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.56.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491089/; classtype:trojan-activity;sid:84354189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.95.62.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491088/; classtype:trojan-activity;sid:84354188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.40.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491087/; classtype:trojan-activity;sid:84354187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.50.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491086/; classtype:trojan-activity;sid:84354186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.88.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491084/; classtype:trojan-activity;sid:84354184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491085/; classtype:trojan-activity;sid:84354185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.232.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491083/; classtype:trojan-activity;sid:84354183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491082/; classtype:trojan-activity;sid:84354182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.138.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491081/; classtype:trojan-activity;sid:84354181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.15.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491079/; classtype:trojan-activity;sid:84354179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.42.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491080/; classtype:trojan-activity;sid:84354180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491078/; classtype:trojan-activity;sid:84354178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491076/; classtype:trojan-activity;sid:84354176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491077/; classtype:trojan-activity;sid:84354177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.98.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491075/; classtype:trojan-activity;sid:84354175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491074/; classtype:trojan-activity;sid:84354174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491073/; classtype:trojan-activity;sid:84354173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491072/; classtype:trojan-activity;sid:84354172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.98.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491071/; classtype:trojan-activity;sid:84354171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491070/; classtype:trojan-activity;sid:84354170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.215.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491069/; classtype:trojan-activity;sid:84354169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491068/; classtype:trojan-activity;sid:84354168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.50.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491067/; classtype:trojan-activity;sid:84354167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.97.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491066/; classtype:trojan-activity;sid:84354166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.232.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491065/; classtype:trojan-activity;sid:84354165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.157.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491064/; classtype:trojan-activity;sid:84354164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.138.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491063/; classtype:trojan-activity;sid:84354163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.98.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491062/; classtype:trojan-activity;sid:84354162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.42.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491061/; classtype:trojan-activity;sid:84354161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491060/; classtype:trojan-activity;sid:84354160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491059)"; flow:established,from_client; content:"GET"; http_method; content:"/jjjj.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491059/; classtype:trojan-activity;sid:84354159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.239.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491058/; classtype:trojan-activity;sid:84354158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491056)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.lipog.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491056/; classtype:trojan-activity;sid:84354156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491057)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491057/; classtype:trojan-activity;sid:84354157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491044)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491044/; classtype:trojan-activity;sid:84354144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491045)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491045/; classtype:trojan-activity;sid:84354145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491046)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491046/; classtype:trojan-activity;sid:84354146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491047)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491047/; classtype:trojan-activity;sid:84354147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491048)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491048/; classtype:trojan-activity;sid:84354148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491049)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491049/; classtype:trojan-activity;sid:84354149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491050)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491050/; classtype:trojan-activity;sid:84354150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491051)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491051/; classtype:trojan-activity;sid:84354151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491052)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491052/; classtype:trojan-activity;sid:84354152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491053)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491053/; classtype:trojan-activity;sid:84354153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491054)"; flow:established,from_client; content:"GET"; http_method; content:"/bimbo/frosty.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491054/; classtype:trojan-activity;sid:84354154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.98.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491055/; classtype:trojan-activity;sid:84354155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491043/; classtype:trojan-activity;sid:84354143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.39.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491042/; classtype:trojan-activity;sid:84354142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.9.122.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491040/; classtype:trojan-activity;sid:84354140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.169.20.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491041/; classtype:trojan-activity;sid:84354141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491036/; classtype:trojan-activity;sid:84354136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.180.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491037/; classtype:trojan-activity;sid:84354137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.53.125.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491038/; classtype:trojan-activity;sid:84354138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.26.17.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491039/; classtype:trojan-activity;sid:84354139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.225.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491034/; classtype:trojan-activity;sid:84354134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.91.74.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491035/; classtype:trojan-activity;sid:84354135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.10.121.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491033/; classtype:trojan-activity;sid:84354133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491020)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atomips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491020/; classtype:trojan-activity;sid:84354120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491021)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atom68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491021/; classtype:trojan-activity;sid:84354121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491022)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atospc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491022/; classtype:trojan-activity;sid:84354122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491023)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atoarm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491023/; classtype:trojan-activity;sid:84354123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491024)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atoarm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491024/; classtype:trojan-activity;sid:84354124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491025)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atoarm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491025/; classtype:trojan-activity;sid:84354125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491026)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491026/; classtype:trojan-activity;sid:84354126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491027)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atox64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491027/; classtype:trojan-activity;sid:84354127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491028)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atompsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491028/; classtype:trojan-activity;sid:84354128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491029)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atoarm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491029/; classtype:trojan-activity;sid:84354129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491030)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atosh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491030/; classtype:trojan-activity;sid:84354130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491031)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atox86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491031/; classtype:trojan-activity;sid:84354131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491032)"; flow:established,from_client; content:"GET"; http_method; content:"/goldage3atoppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491032/; classtype:trojan-activity;sid:84354132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491019/; classtype:trojan-activity;sid:84354119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491018)"; flow:established,from_client; content:"GET"; http_method; content:"/yi3ggrw0uq.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491018/; classtype:trojan-activity;sid:84354118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491017)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491017/; classtype:trojan-activity;sid:84354117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.227.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491016/; classtype:trojan-activity;sid:84354116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491009/; classtype:trojan-activity;sid:84354109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491010)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491010/; classtype:trojan-activity;sid:84354110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491011)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491011/; classtype:trojan-activity;sid:84354111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491012)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491012/; classtype:trojan-activity;sid:84354112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491013)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491013/; classtype:trojan-activity;sid:84354113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491014)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491014/; classtype:trojan-activity;sid:84354114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491015)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491015/; classtype:trojan-activity;sid:84354115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491008)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491008/; classtype:trojan-activity;sid:84354108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491007)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491007/; classtype:trojan-activity;sid:84354107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491006/; classtype:trojan-activity;sid:84354106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.249.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491005/; classtype:trojan-activity;sid:84354105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490993/; classtype:trojan-activity;sid:84354093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490994/; classtype:trojan-activity;sid:84354094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490995/; classtype:trojan-activity;sid:84354095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490996/; classtype:trojan-activity;sid:84354096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490997/; classtype:trojan-activity;sid:84354097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490998/; classtype:trojan-activity;sid:84354098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490999/; classtype:trojan-activity;sid:84354099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491000)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491000/; classtype:trojan-activity;sid:84354100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491001/; classtype:trojan-activity;sid:84354101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491002)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491002/; classtype:trojan-activity;sid:84354102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491003/; classtype:trojan-activity;sid:84354103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491004)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491004/; classtype:trojan-activity;sid:84354104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490984/; classtype:trojan-activity;sid:84354084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490985/; classtype:trojan-activity;sid:84354085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490986/; classtype:trojan-activity;sid:84354086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490987/; classtype:trojan-activity;sid:84354087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490988/; classtype:trojan-activity;sid:84354088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490989/; classtype:trojan-activity;sid:84354089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490990/; classtype:trojan-activity;sid:84354090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490991/; classtype:trojan-activity;sid:84354091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"network-for.ocean-network.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490992/; classtype:trojan-activity;sid:84354092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.14.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490979/; classtype:trojan-activity;sid:84354079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.155.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490980/; classtype:trojan-activity;sid:84354080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490981/; classtype:trojan-activity;sid:84354081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490982/; classtype:trojan-activity;sid:84354082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490983/; classtype:trojan-activity;sid:84354083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.195.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490978/; classtype:trojan-activity;sid:84354078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490977/; classtype:trojan-activity;sid:84354077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490976/; classtype:trojan-activity;sid:84354076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.157.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490975/; classtype:trojan-activity;sid:84354075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490974/; classtype:trojan-activity;sid:84354074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490973/; classtype:trojan-activity;sid:84354073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.235.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490972/; classtype:trojan-activity;sid:84354072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.72.252.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490970/; classtype:trojan-activity;sid:84354070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490971/; classtype:trojan-activity;sid:84354071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.55.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490969/; classtype:trojan-activity;sid:84354069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490968)"; flow:established,from_client; content:"GET"; http_method; content:"/mikeycollamat/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490968/; classtype:trojan-activity;sid:84354068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.235.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490967/; classtype:trojan-activity;sid:84354067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.200.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490966/; classtype:trojan-activity;sid:84354066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490965/; classtype:trojan-activity;sid:84354065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.31.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490964/; classtype:trojan-activity;sid:84354064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.110.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490963/; classtype:trojan-activity;sid:84354063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490962/; classtype:trojan-activity;sid:84354062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.1.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490961/; classtype:trojan-activity;sid:84354061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.33.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490960/; classtype:trojan-activity;sid:84354060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.72.252.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490959/; classtype:trojan-activity;sid:84354059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.51.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490958/; classtype:trojan-activity;sid:84354058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.112.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490956/; classtype:trojan-activity;sid:84354056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.110.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490957/; classtype:trojan-activity;sid:84354057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.239.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490955/; classtype:trojan-activity;sid:84354055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.133.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490954/; classtype:trojan-activity;sid:84354054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490953)"; flow:established,from_client; content:"GET"; http_method; content:"/8cnl6z0a8h.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490953/; classtype:trojan-activity;sid:84354053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.36.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490952/; classtype:trojan-activity;sid:84354052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.157.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490951/; classtype:trojan-activity;sid:84354051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.1.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490950/; classtype:trojan-activity;sid:84354050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490949/; classtype:trojan-activity;sid:84354049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.77.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490948/; classtype:trojan-activity;sid:84354048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490947/; classtype:trojan-activity;sid:84354047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.5.97.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490946/; classtype:trojan-activity;sid:84354046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.33.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490945/; classtype:trojan-activity;sid:84354045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.132.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490944/; classtype:trojan-activity;sid:84354044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.248.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490943/; classtype:trojan-activity;sid:84354043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.6.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490942/; classtype:trojan-activity;sid:84354042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.157.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490941/; classtype:trojan-activity;sid:84354041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.175.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490940/; classtype:trojan-activity;sid:84354040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.36.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490939/; classtype:trojan-activity;sid:84354039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490938/; classtype:trojan-activity;sid:84354038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.133.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490937/; classtype:trojan-activity;sid:84354037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.112.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490936/; classtype:trojan-activity;sid:84354036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.146.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490935/; classtype:trojan-activity;sid:84354035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.52.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490934/; classtype:trojan-activity;sid:84354034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.223.25.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490933/; classtype:trojan-activity;sid:84354033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.29.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490932/; classtype:trojan-activity;sid:84354032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490931)"; flow:established,from_client; content:"GET"; http_method; content:"/iccgahb.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"leka25.s3.us-east-1.amazonaws.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490931/; classtype:trojan-activity;sid:84354031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490930)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/eng.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490930/; classtype:trojan-activity;sid:84354030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490927)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/ybin.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490927/; classtype:trojan-activity;sid:84354027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490928)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/dac.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490928/; classtype:trojan-activity;sid:84354028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490929)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/syl.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490929/; classtype:trojan-activity;sid:84354029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490914)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/muk.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490914/; classtype:trojan-activity;sid:84354014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490915)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/muk.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490915/; classtype:trojan-activity;sid:84354015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490916)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/syl.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490916/; classtype:trojan-activity;sid:84354016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490917)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/ssteph.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490917/; classtype:trojan-activity;sid:84354017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490918)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/ddac.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490918/; classtype:trojan-activity;sid:84354018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490919)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/ddacc.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490919/; classtype:trojan-activity;sid:84354019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490920)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/big77.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490920/; classtype:trojan-activity;sid:84354020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490921)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/eng.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490921/; classtype:trojan-activity;sid:84354021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490922)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/test.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490922/; classtype:trojan-activity;sid:84354022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490923)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/guy.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490923/; classtype:trojan-activity;sid:84354023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490924)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/dac.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490924/; classtype:trojan-activity;sid:84354024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490925)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/big7.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490925/; classtype:trojan-activity;sid:84354025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490926)"; flow:established,from_client; content:"GET"; http_method; content:"/file/file/freak.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490926/; classtype:trojan-activity;sid:84354026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490913)"; flow:established,from_client; content:"GET"; http_method; content:"/file/freak.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490913/; classtype:trojan-activity;sid:84354013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.196.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490912/; classtype:trojan-activity;sid:84354012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490911)"; flow:established,from_client; content:"GET"; http_method; content:"/file/dac.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490911/; classtype:trojan-activity;sid:84354011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490910)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ddac.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"larisantiara.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490910/; classtype:trojan-activity;sid:84354010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.175.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490908/; classtype:trojan-activity;sid:84354008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.220.239.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490909/; classtype:trojan-activity;sid:84354009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490907)"; flow:established,from_client; content:"GET"; http_method; content:"/1.php|3f|s=flibabc13"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"herophombyre.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490907/; classtype:trojan-activity;sid:84354007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490905)"; flow:established,from_client; content:"GET"; http_method; content:"/0p.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.255.57.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490905/; classtype:trojan-activity;sid:84354005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.52.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490906/; classtype:trojan-activity;sid:84354006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.146.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490904/; classtype:trojan-activity;sid:84354004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.88.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490903/; classtype:trojan-activity;sid:84354003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490902/; classtype:trojan-activity;sid:84354002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490901)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.gytat.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490901/; classtype:trojan-activity;sid:84354001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.187.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490900/; classtype:trojan-activity;sid:84354000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490899)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ac4sinoo522oiudonymqi/pzultzced73.bin|3f|rlkey=uofxw420qok382zwjfdli8zxj|7c|26|7c|st=cj7v2yy0|7c|26|7c|dl=1"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490899/; classtype:trojan-activity;sid:84353999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490898)"; flow:established,from_client; content:"GET"; http_method; content:"/405p6ub5oi.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490898/; classtype:trojan-activity;sid:84353998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.163.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490897/; classtype:trojan-activity;sid:84353997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.57.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490896/; classtype:trojan-activity;sid:84353996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.220.239.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490895/; classtype:trojan-activity;sid:84353995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490894/; classtype:trojan-activity;sid:84353994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.134.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490893/; classtype:trojan-activity;sid:84353993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.175.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490892/; classtype:trojan-activity;sid:84353992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.196.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490891/; classtype:trojan-activity;sid:84353991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.163.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490890/; classtype:trojan-activity;sid:84353990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.167.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490889/; classtype:trojan-activity;sid:84353989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.32.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490888/; classtype:trojan-activity;sid:84353988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.248.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490887/; classtype:trojan-activity;sid:84353987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.146.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490886/; classtype:trojan-activity;sid:84353986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490885/; classtype:trojan-activity;sid:84353985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490884)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1esnhsm4zzh-9_nbldslkyhx3l_m3vikf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490884/; classtype:trojan-activity;sid:84353984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.252.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490883/; classtype:trojan-activity;sid:84353983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.134.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490882/; classtype:trojan-activity;sid:84353982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490880/; classtype:trojan-activity;sid:84353980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.167.94.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490881/; classtype:trojan-activity;sid:84353981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.252.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490879/; classtype:trojan-activity;sid:84353979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490878/; classtype:trojan-activity;sid:84353978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.65.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490877/; classtype:trojan-activity;sid:84353977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"yrtuyu-6y.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490876/; classtype:trojan-activity;sid:84353976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.13.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490875/; classtype:trojan-activity;sid:84353975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490874)"; flow:established,from_client; content:"GET"; http_method; content:"/spread.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.144.2.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490874/; classtype:trojan-activity;sid:84353974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.helpm6.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490867/; classtype:trojan-activity;sid:84353967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bw3699log.dgehelp.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490868/; classtype:trojan-activity;sid:84353968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.wyghelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490869/; classtype:trojan-activity;sid:84353969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490870)"; flow:established,from_client; content:"GET"; http_method; content:"/bdsahdvsaiudcvas/fedora.bat"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"onlyfans.pe"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490870/; classtype:trojan-activity;sid:84353970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"testingnewdomain.top"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490871/; classtype:trojan-activity;sid:84353971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.horipalok.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490872/; classtype:trojan-activity;sid:84353972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.pjshelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490873/; classtype:trojan-activity;sid:84353973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490847)"; flow:established,from_client; content:"GET"; http_method; content:"/load/xclient.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"safetguard.mosco.cc"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490847/; classtype:trojan-activity;sid:84353947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.qnuhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490848/; classtype:trojan-activity;sid:84353948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"lgtqpo-i2.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490849/; classtype:trojan-activity;sid:84353949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.cjxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490850/; classtype:trojan-activity;sid:84353950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.alphelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490851/; classtype:trojan-activity;sid:84353951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxzerohack.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490852/; classtype:trojan-activity;sid:84353952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.bcjhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490853/; classtype:trojan-activity;sid:84353953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"os.eqhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490854/; classtype:trojan-activity;sid:84353954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.fzqhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490855/; classtype:trojan-activity;sid:84353955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vtjpnplus.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490856/; classtype:trojan-activity;sid:84353956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxsafex.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490857/; classtype:trojan-activity;sid:84353957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.gzmhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490858/; classtype:trojan-activity;sid:84353958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"lvnjyubf.uhimsicloudcop.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490859/; classtype:trojan-activity;sid:84353959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.rwbhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490860/; classtype:trojan-activity;sid:84353960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"12support.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490861/; classtype:trojan-activity;sid:84353961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.mocs2.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490862/; classtype:trojan-activity;sid:84353962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.fzqhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490863/; classtype:trojan-activity;sid:84353963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"molatorisy.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490864/; classtype:trojan-activity;sid:84353964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.kxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490865/; classtype:trojan-activity;sid:84353965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.help3x.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490866/; classtype:trojan-activity;sid:84353966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wb3699log.bvwhelp.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490845/; classtype:trojan-activity;sid:84353945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.vfmhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490846/; classtype:trojan-activity;sid:84353946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.16.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490844/; classtype:trojan-activity;sid:84353944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490843/; classtype:trojan-activity;sid:84353943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490842/; classtype:trojan-activity;sid:84353942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490841)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.viqon.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490841/; classtype:trojan-activity;sid:84353941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.0.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490840/; classtype:trojan-activity;sid:84353940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.167.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490839/; classtype:trojan-activity;sid:84353939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490838/; classtype:trojan-activity;sid:84353938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.30.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490837/; classtype:trojan-activity;sid:84353937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490836/; classtype:trojan-activity;sid:84353936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490835/; classtype:trojan-activity;sid:84353935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490834/; classtype:trojan-activity;sid:84353934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490833/; classtype:trojan-activity;sid:84353933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490831/; classtype:trojan-activity;sid:84353931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.30.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490832/; classtype:trojan-activity;sid:84353932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.185.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490830/; classtype:trojan-activity;sid:84353930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490829/; classtype:trojan-activity;sid:84353929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490828/; classtype:trojan-activity;sid:84353928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490827/; classtype:trojan-activity;sid:84353927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.112.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490826/; classtype:trojan-activity;sid:84353926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490825/; classtype:trojan-activity;sid:84353925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.151.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490824/; classtype:trojan-activity;sid:84353924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.196.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490822/; classtype:trojan-activity;sid:84353922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.81.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490823/; classtype:trojan-activity;sid:84353923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.158.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490821/; classtype:trojan-activity;sid:84353921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490820/; classtype:trojan-activity;sid:84353920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.18.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490819/; classtype:trojan-activity;sid:84353919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.13.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490818/; classtype:trojan-activity;sid:84353918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490817)"; flow:established,from_client; content:"GET"; http_method; content:"/xlqu1pnghc.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.juryvarious.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490817/; classtype:trojan-activity;sid:84353917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.222.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490815/; classtype:trojan-activity;sid:84353915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490816/; classtype:trojan-activity;sid:84353916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.65.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490814/; classtype:trojan-activity;sid:84353914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490813/; classtype:trojan-activity;sid:84353913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.246.69.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490812/; classtype:trojan-activity;sid:84353912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.16.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490811/; classtype:trojan-activity;sid:84353911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490810/; classtype:trojan-activity;sid:84353910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490809/; classtype:trojan-activity;sid:84353909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.225.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490808/; classtype:trojan-activity;sid:84353908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.132.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490807/; classtype:trojan-activity;sid:84353907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490806/; classtype:trojan-activity;sid:84353906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490805/; classtype:trojan-activity;sid:84353905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.94.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490804/; classtype:trojan-activity;sid:84353904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.222.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490803/; classtype:trojan-activity;sid:84353903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.194.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490802/; classtype:trojan-activity;sid:84353902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.185.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490801/; classtype:trojan-activity;sid:84353901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490800/; classtype:trojan-activity;sid:84353900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.109.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490799/; classtype:trojan-activity;sid:84353899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.13.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490798/; classtype:trojan-activity;sid:84353898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.89.90.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490797/; classtype:trojan-activity;sid:84353897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.179.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490795/; classtype:trojan-activity;sid:84353895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490796/; classtype:trojan-activity;sid:84353896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.34.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490794/; classtype:trojan-activity;sid:84353894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490793/; classtype:trojan-activity;sid:84353893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.185.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490792/; classtype:trojan-activity;sid:84353892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.224.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490791/; classtype:trojan-activity;sid:84353891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.115.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490790/; classtype:trojan-activity;sid:84353890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.109.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490789/; classtype:trojan-activity;sid:84353889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.124.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490788/; classtype:trojan-activity;sid:84353888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.88.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490787/; classtype:trojan-activity;sid:84353887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490786/; classtype:trojan-activity;sid:84353886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.213.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490785/; classtype:trojan-activity;sid:84353885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.34.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490784/; classtype:trojan-activity;sid:84353884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.179.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490783/; classtype:trojan-activity;sid:84353883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.147.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490782/; classtype:trojan-activity;sid:84353882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.90.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490781/; classtype:trojan-activity;sid:84353881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.71.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490780/; classtype:trojan-activity;sid:84353880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.206.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490779/; classtype:trojan-activity;sid:84353879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.53.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490778/; classtype:trojan-activity;sid:84353878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.161.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490777/; classtype:trojan-activity;sid:84353877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.132.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490776/; classtype:trojan-activity;sid:84353876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.213.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490775/; classtype:trojan-activity;sid:84353875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.88.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490774/; classtype:trojan-activity;sid:84353874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490773/; classtype:trojan-activity;sid:84353873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.13.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490772/; classtype:trojan-activity;sid:84353872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.246.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490771/; classtype:trojan-activity;sid:84353871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.71.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490770/; classtype:trojan-activity;sid:84353870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.124.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490769/; classtype:trojan-activity;sid:84353869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490768/; classtype:trojan-activity;sid:84353868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.53.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490767/; classtype:trojan-activity;sid:84353867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.168.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490766/; classtype:trojan-activity;sid:84353866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.255.141.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490765/; classtype:trojan-activity;sid:84353865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.86.160.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490764/; classtype:trojan-activity;sid:84353864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.132.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490763/; classtype:trojan-activity;sid:84353863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.118.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490762/; classtype:trojan-activity;sid:84353862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.146.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490761/; classtype:trojan-activity;sid:84353861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490760/; classtype:trojan-activity;sid:84353860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.175.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490759/; classtype:trojan-activity;sid:84353859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.255.141.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490758/; classtype:trojan-activity;sid:84353858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.227.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490757/; classtype:trojan-activity;sid:84353857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.146.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490756/; classtype:trojan-activity;sid:84353856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.212.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490755/; classtype:trojan-activity;sid:84353855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490754/; classtype:trojan-activity;sid:84353854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.37.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490753/; classtype:trojan-activity;sid:84353853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.13.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490752/; classtype:trojan-activity;sid:84353852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490751/; classtype:trojan-activity;sid:84353851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490750/; classtype:trojan-activity;sid:84353850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490749)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490749/; classtype:trojan-activity;sid:84353849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490748/; classtype:trojan-activity;sid:84353848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490747/; classtype:trojan-activity;sid:84353847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.168.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490746/; classtype:trojan-activity;sid:84353846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.85.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490745/; classtype:trojan-activity;sid:84353845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.146.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490744/; classtype:trojan-activity;sid:84353844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.227.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490743/; classtype:trojan-activity;sid:84353843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.185.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490742/; classtype:trojan-activity;sid:84353842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490740/; classtype:trojan-activity;sid:84353840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.118.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490741/; classtype:trojan-activity;sid:84353841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490739/; classtype:trojan-activity;sid:84353839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490738/; classtype:trojan-activity;sid:84353838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.244.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490737/; classtype:trojan-activity;sid:84353837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490736/; classtype:trojan-activity;sid:84353836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490735/; classtype:trojan-activity;sid:84353835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.85.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490734/; classtype:trojan-activity;sid:84353834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490733/; classtype:trojan-activity;sid:84353833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.246.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490732/; classtype:trojan-activity;sid:84353832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.181.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490731/; classtype:trojan-activity;sid:84353831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.93.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490730/; classtype:trojan-activity;sid:84353830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.3.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490729/; classtype:trojan-activity;sid:84353829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.244.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490728/; classtype:trojan-activity;sid:84353828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.25.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490727/; classtype:trojan-activity;sid:84353827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.139.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490726/; classtype:trojan-activity;sid:84353826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490725)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"gjuestidrewiew.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490725/; classtype:trojan-activity;sid:84353825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490723)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.gjuestidrewiew.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490723/; classtype:trojan-activity;sid:84353823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490724)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booking.gjuestidrewiew.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490724/; classtype:trojan-activity;sid:84353824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490720)"; flow:established,from_client; content:"GET"; http_method; content:"/fox.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.255.85.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490720/; classtype:trojan-activity;sid:84353820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490721)"; flow:established,from_client; content:"GET"; http_method; content:"/k.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.85.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490721/; classtype:trojan-activity;sid:84353821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490722)"; flow:established,from_client; content:"GET"; http_method; content:"/nacz5oswnnisahpz.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cardrive356days.cyou"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490722/; classtype:trojan-activity;sid:84353822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490718)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.255.85.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490718/; classtype:trojan-activity;sid:84353818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490719)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"cardrive356days.cyou"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490719/; classtype:trojan-activity;sid:84353819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490717/; classtype:trojan-activity;sid:84353817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.172.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490716/; classtype:trojan-activity;sid:84353816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.15.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490715/; classtype:trojan-activity;sid:84353815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490713/; classtype:trojan-activity;sid:84353813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.185.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490714/; classtype:trojan-activity;sid:84353814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.133.90.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490711/; classtype:trojan-activity;sid:84353811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490712/; classtype:trojan-activity;sid:84353812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.246.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490710/; classtype:trojan-activity;sid:84353810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490705/; classtype:trojan-activity;sid:84353805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490706/; classtype:trojan-activity;sid:84353806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.186.11.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490707/; classtype:trojan-activity;sid:84353807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490708/; classtype:trojan-activity;sid:84353808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.71.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490709/; classtype:trojan-activity;sid:84353809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490704/; classtype:trojan-activity;sid:84353804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.191.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490703/; classtype:trojan-activity;sid:84353803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.255.141.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490702/; classtype:trojan-activity;sid:84353802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490700/; classtype:trojan-activity;sid:84353800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490701/; classtype:trojan-activity;sid:84353801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.126.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490699/; classtype:trojan-activity;sid:84353799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.149.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490698/; classtype:trojan-activity;sid:84353798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.34.220.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490697/; classtype:trojan-activity;sid:84353797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.93.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490696/; classtype:trojan-activity;sid:84353796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490694/; classtype:trojan-activity;sid:84353794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490695/; classtype:trojan-activity;sid:84353795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.25.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490693/; classtype:trojan-activity;sid:84353793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.46.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490690/; classtype:trojan-activity;sid:84353790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.55.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490691/; classtype:trojan-activity;sid:84353791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.149.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490692/; classtype:trojan-activity;sid:84353792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.129.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490689/; classtype:trojan-activity;sid:84353789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.106.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490688/; classtype:trojan-activity;sid:84353788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490687/; classtype:trojan-activity;sid:84353787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.41.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490686/; classtype:trojan-activity;sid:84353786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.15.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490685/; classtype:trojan-activity;sid:84353785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.3.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490684/; classtype:trojan-activity;sid:84353784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490683/; classtype:trojan-activity;sid:84353783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490682/; classtype:trojan-activity;sid:84353782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.95.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490681/; classtype:trojan-activity;sid:84353781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490680/; classtype:trojan-activity;sid:84353780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.109.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490679/; classtype:trojan-activity;sid:84353779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.150.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490677/; classtype:trojan-activity;sid:84353777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.93.35.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490678/; classtype:trojan-activity;sid:84353778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.249.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490676/; classtype:trojan-activity;sid:84353776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.40.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490675/; classtype:trojan-activity;sid:84353775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.24.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490674/; classtype:trojan-activity;sid:84353774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.41.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490673/; classtype:trojan-activity;sid:84353773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.129.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490672/; classtype:trojan-activity;sid:84353772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.209.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490671/; classtype:trojan-activity;sid:84353771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.243.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490670/; classtype:trojan-activity;sid:84353770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490669/; classtype:trojan-activity;sid:84353769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490668/; classtype:trojan-activity;sid:84353768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.185.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490667/; classtype:trojan-activity;sid:84353767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490666/; classtype:trojan-activity;sid:84353766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490665/; classtype:trojan-activity;sid:84353765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.240.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490664/; classtype:trojan-activity;sid:84353764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.185.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490663/; classtype:trojan-activity;sid:84353763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.109.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490662/; classtype:trojan-activity;sid:84353762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490661/; classtype:trojan-activity;sid:84353761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.95.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490660/; classtype:trojan-activity;sid:84353760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490659)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490659/; classtype:trojan-activity;sid:84353759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490658)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490658/; classtype:trojan-activity;sid:84353758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490647)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490647/; classtype:trojan-activity;sid:84353747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490648)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490648/; classtype:trojan-activity;sid:84353748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490649)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490649/; classtype:trojan-activity;sid:84353749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490650)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490650/; classtype:trojan-activity;sid:84353750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490651)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490651/; classtype:trojan-activity;sid:84353751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490652)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490652/; classtype:trojan-activity;sid:84353752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490653)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490653/; classtype:trojan-activity;sid:84353753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490654)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490654/; classtype:trojan-activity;sid:84353754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490655)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490655/; classtype:trojan-activity;sid:84353755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.93.35.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490656/; classtype:trojan-activity;sid:84353756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490657)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490657/; classtype:trojan-activity;sid:84353757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.24.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490646/; classtype:trojan-activity;sid:84353746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.163.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490645/; classtype:trojan-activity;sid:84353745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.24.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490643/; classtype:trojan-activity;sid:84353743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.96.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490644/; classtype:trojan-activity;sid:84353744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.129.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490642/; classtype:trojan-activity;sid:84353742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.95.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490641/; classtype:trojan-activity;sid:84353741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.172.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490640/; classtype:trojan-activity;sid:84353740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.249.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490639/; classtype:trojan-activity;sid:84353739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490638/; classtype:trojan-activity;sid:84353738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.185.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490637/; classtype:trojan-activity;sid:84353737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.31.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490636/; classtype:trojan-activity;sid:84353736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.60.106.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490635/; classtype:trojan-activity;sid:84353735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.77.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490634/; classtype:trojan-activity;sid:84353734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.60.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490633/; classtype:trojan-activity;sid:84353733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490632/; classtype:trojan-activity;sid:84353732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.217.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490631/; classtype:trojan-activity;sid:84353731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490630/; classtype:trojan-activity;sid:84353730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.95.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490629/; classtype:trojan-activity;sid:84353729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490628)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.zynyx.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490628/; classtype:trojan-activity;sid:84353728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.117.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490627/; classtype:trojan-activity;sid:84353727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.249.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490626/; classtype:trojan-activity;sid:84353726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490625/; classtype:trojan-activity;sid:84353725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.129.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490624/; classtype:trojan-activity;sid:84353724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490623/; classtype:trojan-activity;sid:84353723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.196.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490622/; classtype:trojan-activity;sid:84353722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.119.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490621/; classtype:trojan-activity;sid:84353721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.153.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490620/; classtype:trojan-activity;sid:84353720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.60.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490619/; classtype:trojan-activity;sid:84353719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490618/; classtype:trojan-activity;sid:84353718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.52.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490617/; classtype:trojan-activity;sid:84353717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.11.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490616/; classtype:trojan-activity;sid:84353716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.147.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490615/; classtype:trojan-activity;sid:84353715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.19.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490614/; classtype:trojan-activity;sid:84353714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490613/; classtype:trojan-activity;sid:84353713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.94.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490612/; classtype:trojan-activity;sid:84353712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.225.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490611/; classtype:trojan-activity;sid:84353711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.138.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490610/; classtype:trojan-activity;sid:84353710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.52.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490609/; classtype:trojan-activity;sid:84353709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.205.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490608/; classtype:trojan-activity;sid:84353708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.196.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490607/; classtype:trojan-activity;sid:84353707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.14.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490605/; classtype:trojan-activity;sid:84353705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490606/; classtype:trojan-activity;sid:84353706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.119.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490604/; classtype:trojan-activity;sid:84353704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.128.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490603/; classtype:trojan-activity;sid:84353703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.19.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490602/; classtype:trojan-activity;sid:84353702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490601/; classtype:trojan-activity;sid:84353701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.186.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490600/; classtype:trojan-activity;sid:84353700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.147.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490599/; classtype:trojan-activity;sid:84353699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.220.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490598/; classtype:trojan-activity;sid:84353698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.159.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490597/; classtype:trojan-activity;sid:84353697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.161.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490596/; classtype:trojan-activity;sid:84353696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.225.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490595/; classtype:trojan-activity;sid:84353695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490593/; classtype:trojan-activity;sid:84353693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490594/; classtype:trojan-activity;sid:84353694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.205.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490592/; classtype:trojan-activity;sid:84353692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.30.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490591/; classtype:trojan-activity;sid:84353691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.167.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490590/; classtype:trojan-activity;sid:84353690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.16.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490589/; classtype:trojan-activity;sid:84353689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.0.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490587/; classtype:trojan-activity;sid:84353687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490588/; classtype:trojan-activity;sid:84353688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.177.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490586/; classtype:trojan-activity;sid:84353686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.102.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490585/; classtype:trojan-activity;sid:84353685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490584/; classtype:trojan-activity;sid:84353684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.8.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490583/; classtype:trojan-activity;sid:84353683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490582/; classtype:trojan-activity;sid:84353682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.94.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490581/; classtype:trojan-activity;sid:84353681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.14.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490580/; classtype:trojan-activity;sid:84353680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.220.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490579/; classtype:trojan-activity;sid:84353679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.186.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490578/; classtype:trojan-activity;sid:84353678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.70.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490577/; classtype:trojan-activity;sid:84353677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490576/; classtype:trojan-activity;sid:84353676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490575/; classtype:trojan-activity;sid:84353675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.177.223.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490574/; classtype:trojan-activity;sid:84353674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.80.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3490573/; classtype:trojan-activity;sid:84353673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.120"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490572/; classtype:trojan-activity;sid:84353672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.153.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490571/; classtype:trojan-activity;sid:84353671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490569)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"staff.tompsettsportslaw.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490569/; classtype:trojan-activity;sid:84353669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.30.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490570/; classtype:trojan-activity;sid:84353670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490568/; classtype:trojan-activity;sid:84353668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490567/; classtype:trojan-activity;sid:84353667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.167.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490566/; classtype:trojan-activity;sid:84353666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.173.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490565/; classtype:trojan-activity;sid:84353665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.54.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490564/; classtype:trojan-activity;sid:84353664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.113.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490563/; classtype:trojan-activity;sid:84353663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.57.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490562/; classtype:trojan-activity;sid:84353662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.32.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490561/; classtype:trojan-activity;sid:84353661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.173.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490560/; classtype:trojan-activity;sid:84353660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490559/; classtype:trojan-activity;sid:84353659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490558/; classtype:trojan-activity;sid:84353658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.54.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490555/; classtype:trojan-activity;sid:84353655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.94.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490556/; classtype:trojan-activity;sid:84353656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.235.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490557/; classtype:trojan-activity;sid:84353657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490554)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490554/; classtype:trojan-activity;sid:84353654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490553/; classtype:trojan-activity;sid:84353653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.175.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490552/; classtype:trojan-activity;sid:84353652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490551/; classtype:trojan-activity;sid:84353651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490550/; classtype:trojan-activity;sid:84353650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.57.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490549/; classtype:trojan-activity;sid:84353649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.34.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490547/; classtype:trojan-activity;sid:84353647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.208.132.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490548/; classtype:trojan-activity;sid:84353648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.146.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490546/; classtype:trojan-activity;sid:84353646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.88.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490545/; classtype:trojan-activity;sid:84353645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.168.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490544/; classtype:trojan-activity;sid:84353644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490543/; classtype:trojan-activity;sid:84353643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.132.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490542/; classtype:trojan-activity;sid:84353642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.175.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490541/; classtype:trojan-activity;sid:84353641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.122.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490540/; classtype:trojan-activity;sid:84353640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.34.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490539/; classtype:trojan-activity;sid:84353639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490538/; classtype:trojan-activity;sid:84353638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.146.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490536/; classtype:trojan-activity;sid:84353636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.29.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490537/; classtype:trojan-activity;sid:84353637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.8.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490535/; classtype:trojan-activity;sid:84353635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.5.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490534/; classtype:trojan-activity;sid:84353634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.131.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490533/; classtype:trojan-activity;sid:84353633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.149.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490531/; classtype:trojan-activity;sid:84353631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.183.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490532/; classtype:trojan-activity;sid:84353632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.164.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490530/; classtype:trojan-activity;sid:84353630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.168.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490529/; classtype:trojan-activity;sid:84353629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.77.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490528/; classtype:trojan-activity;sid:84353628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.223.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490527/; classtype:trojan-activity;sid:84353627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490526/; classtype:trojan-activity;sid:84353626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.5.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490525/; classtype:trojan-activity;sid:84353625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.236.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490524/; classtype:trojan-activity;sid:84353624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.241.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490523/; classtype:trojan-activity;sid:84353623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.164.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490522/; classtype:trojan-activity;sid:84353622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.149.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490521/; classtype:trojan-activity;sid:84353621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.92.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490520/; classtype:trojan-activity;sid:84353620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490518/; classtype:trojan-activity;sid:84353618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490519/; classtype:trojan-activity;sid:84353619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.161.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490517/; classtype:trojan-activity;sid:84353617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.1.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490516/; classtype:trojan-activity;sid:84353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490515/; classtype:trojan-activity;sid:84353615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490514/; classtype:trojan-activity;sid:84353614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.127.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490513/; classtype:trojan-activity;sid:84353613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.229.76.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490512/; classtype:trojan-activity;sid:84353612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.241.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490511/; classtype:trojan-activity;sid:84353611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.114.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490510/; classtype:trojan-activity;sid:84353610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.223.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490509/; classtype:trojan-activity;sid:84353609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490507/; classtype:trojan-activity;sid:84353607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490508/; classtype:trojan-activity;sid:84353608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.181.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490506/; classtype:trojan-activity;sid:84353606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.236.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490505/; classtype:trojan-activity;sid:84353605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490504/; classtype:trojan-activity;sid:84353604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490503/; classtype:trojan-activity;sid:84353603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.114.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490502/; classtype:trojan-activity;sid:84353602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490501/; classtype:trojan-activity;sid:84353601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490500/; classtype:trojan-activity;sid:84353600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.11.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490499/; classtype:trojan-activity;sid:84353599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490498)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.cohor.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490498/; classtype:trojan-activity;sid:84353598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.121.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490497/; classtype:trojan-activity;sid:84353597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490496/; classtype:trojan-activity;sid:84353596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.109.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490495/; classtype:trojan-activity;sid:84353595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490494/; classtype:trojan-activity;sid:84353594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490493/; classtype:trojan-activity;sid:84353593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490489/; classtype:trojan-activity;sid:84353589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.222.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490490/; classtype:trojan-activity;sid:84353590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.0.27.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490491/; classtype:trojan-activity;sid:84353591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.91.97.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490492/; classtype:trojan-activity;sid:84353592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.39.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490487/; classtype:trojan-activity;sid:84353587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.93.35.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490488/; classtype:trojan-activity;sid:84353588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.233.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490484/; classtype:trojan-activity;sid:84353584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490485/; classtype:trojan-activity;sid:84353585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490486/; classtype:trojan-activity;sid:84353586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490483/; classtype:trojan-activity;sid:84353583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.92.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490482/; classtype:trojan-activity;sid:84353582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.1.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490481/; classtype:trojan-activity;sid:84353581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490480/; classtype:trojan-activity;sid:84353580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.5.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490479/; classtype:trojan-activity;sid:84353579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.229.76.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490478/; classtype:trojan-activity;sid:84353578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.94.67.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490477/; classtype:trojan-activity;sid:84353577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.135.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490476/; classtype:trojan-activity;sid:84353576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490475/; classtype:trojan-activity;sid:84353575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490474/; classtype:trojan-activity;sid:84353574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490473/; classtype:trojan-activity;sid:84353573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490472/; classtype:trojan-activity;sid:84353572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.71.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490471/; classtype:trojan-activity;sid:84353571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.226.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490470/; classtype:trojan-activity;sid:84353570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490469/; classtype:trojan-activity;sid:84353569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.34.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490468/; classtype:trojan-activity;sid:84353568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.61.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490466/; classtype:trojan-activity;sid:84353566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.201.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490467/; classtype:trojan-activity;sid:84353567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.15.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490465/; classtype:trojan-activity;sid:84353565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.94.67.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490464/; classtype:trojan-activity;sid:84353564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.230.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490463/; classtype:trojan-activity;sid:84353563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.208.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490462/; classtype:trojan-activity;sid:84353562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.177.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490461/; classtype:trojan-activity;sid:84353561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.71.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490460/; classtype:trojan-activity;sid:84353560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.201.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490459/; classtype:trojan-activity;sid:84353559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490458)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ledax.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490458/; classtype:trojan-activity;sid:84353558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.226.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490457/; classtype:trojan-activity;sid:84353557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.5.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490456/; classtype:trojan-activity;sid:84353556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490455)"; flow:established,from_client; content:"GET"; http_method; content:"/zakariaadan/alx-low_level_programming/releases/download/v1.0.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490455/; classtype:trojan-activity;sid:84353555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490454/; classtype:trojan-activity;sid:84353554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490453/; classtype:trojan-activity;sid:84353553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.94.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490452/; classtype:trojan-activity;sid:84353552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.177.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490451/; classtype:trojan-activity;sid:84353551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490450/; classtype:trojan-activity;sid:84353550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.206.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490448/; classtype:trojan-activity;sid:84353548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.230.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490449/; classtype:trojan-activity;sid:84353549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.205.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490447/; classtype:trojan-activity;sid:84353547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.165.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490446/; classtype:trojan-activity;sid:84353546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.5.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490445/; classtype:trojan-activity;sid:84353545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.150.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490444/; classtype:trojan-activity;sid:84353544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490443/; classtype:trojan-activity;sid:84353543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490442)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.dymab.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490442/; classtype:trojan-activity;sid:84353542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.88.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490441/; classtype:trojan-activity;sid:84353541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.131.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490440/; classtype:trojan-activity;sid:84353540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.167.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490439/; classtype:trojan-activity;sid:84353539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490438)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/v1.9.0-alpha.1/hack-crypto-wallet-v1.9.0-alpha.1.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490438/; classtype:trojan-activity;sid:84353538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490437)"; flow:established,from_client; content:"GET"; http_method; content:"/kenzie299312/hack-crypto-wallet/releases/download/3.7.6/hack-crypto-wallet_v3.7.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490437/; classtype:trojan-activity;sid:84353537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.73.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490436/; classtype:trojan-activity;sid:84353536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.46.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490435/; classtype:trojan-activity;sid:84353535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490434/; classtype:trojan-activity;sid:84353534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490433/; classtype:trojan-activity;sid:84353533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; content:"GET"; http_method; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.68.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490431/; classtype:trojan-activity;sid:84353531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.205.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490430/; classtype:trojan-activity;sid:84353530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.88.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490429/; classtype:trojan-activity;sid:84353529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.39.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490428/; classtype:trojan-activity;sid:84353528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.73.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490426/; classtype:trojan-activity;sid:84353526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490425/; classtype:trojan-activity;sid:84353525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490424/; classtype:trojan-activity;sid:84353524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490423)"; flow:established,from_client; content:"GET"; http_method; content:"/nordpasssetup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"367524bins7923.b-cdn.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490423/; classtype:trojan-activity;sid:84353523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490421)"; flow:established,from_client; content:"GET"; http_method; content:"/mrfgwjk.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kick.eu.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490421/; classtype:trojan-activity;sid:84353521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490420)"; flow:established,from_client; content:"GET"; http_method; content:"/r4sonllacm.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.defrostbrilliant.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490420/; classtype:trojan-activity;sid:84353520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.88.229.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490419/; classtype:trojan-activity;sid:84353519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.68.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490418/; classtype:trojan-activity;sid:84353518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.61.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490417/; classtype:trojan-activity;sid:84353517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490416/; classtype:trojan-activity;sid:84353516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.88.229.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490415/; classtype:trojan-activity;sid:84353515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.44.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490414/; classtype:trojan-activity;sid:84353514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490413/; classtype:trojan-activity;sid:84353513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490412/; classtype:trojan-activity;sid:84353512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490411/; classtype:trojan-activity;sid:84353511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.67.0.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490410/; classtype:trojan-activity;sid:84353510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490408/; classtype:trojan-activity;sid:84353508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490407)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.130.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490407/; classtype:trojan-activity;sid:84353507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490406)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.130.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490406/; classtype:trojan-activity;sid:84353506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490405)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.120.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490405/; classtype:trojan-activity;sid:84353505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490404)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.120.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490404/; classtype:trojan-activity;sid:84353504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490403)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.130.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490403/; classtype:trojan-activity;sid:84353503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490402)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.120.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490402/; classtype:trojan-activity;sid:84353502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490401)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.119.33.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490401/; classtype:trojan-activity;sid:84353501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490400)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.228.15.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490400/; classtype:trojan-activity;sid:84353500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490399)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.33.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490399/; classtype:trojan-activity;sid:84353499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490397)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.33.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490397/; classtype:trojan-activity;sid:84353497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490398)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.22.95.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490398/; classtype:trojan-activity;sid:84353498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490393)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.228.15.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490393/; classtype:trojan-activity;sid:84353493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490394)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.33.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490394/; classtype:trojan-activity;sid:84353494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490395)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.119.33.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490395/; classtype:trojan-activity;sid:84353495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490396)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.119.33.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490396/; classtype:trojan-activity;sid:84353496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490388)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.130.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490388/; classtype:trojan-activity;sid:84353488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490389)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.130.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490389/; classtype:trojan-activity;sid:84353489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490390)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.120.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490390/; classtype:trojan-activity;sid:84353490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490391)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.120.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490391/; classtype:trojan-activity;sid:84353491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490392)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.120.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490392/; classtype:trojan-activity;sid:84353492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490387)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.130.136.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490387/; classtype:trojan-activity;sid:84353487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490386/; classtype:trojan-activity;sid:84353486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.188.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490385/; classtype:trojan-activity;sid:84353485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490384)"; flow:established,from_client; content:"GET"; http_method; content:"/azps/72.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bf-cm.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490384/; classtype:trojan-activity;sid:84353484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490382)"; flow:established,from_client; content:"GET"; http_method; content:"/azps/71.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bf-cm.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490382/; classtype:trojan-activity;sid:84353482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490383)"; flow:established,from_client; content:"GET"; http_method; content:"/azps/73.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bf-cm.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490383/; classtype:trojan-activity;sid:84353483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490381)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.46.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490381/; classtype:trojan-activity;sid:84353481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.47.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490380/; classtype:trojan-activity;sid:84353480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490379)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.46.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490379/; classtype:trojan-activity;sid:84353479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490378)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.254.47.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490378/; classtype:trojan-activity;sid:84353478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490377)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.254.47.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490377/; classtype:trojan-activity;sid:84353477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490375)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.46.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490375/; classtype:trojan-activity;sid:84353475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490376)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.47.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490376/; classtype:trojan-activity;sid:84353476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490370)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.254.46.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490370/; classtype:trojan-activity;sid:84353470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490371)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.47.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490371/; classtype:trojan-activity;sid:84353471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490372)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.47.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490372/; classtype:trojan-activity;sid:84353472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490373)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.254.46.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490373/; classtype:trojan-activity;sid:84353473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490374)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"114.254.46.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490374/; classtype:trojan-activity;sid:84353474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.67.0.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490369/; classtype:trojan-activity;sid:84353469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.239.140.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490365/; classtype:trojan-activity;sid:84353465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.108.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490366/; classtype:trojan-activity;sid:84353466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.52.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490367/; classtype:trojan-activity;sid:84353467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.106.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490368/; classtype:trojan-activity;sid:84353468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490362/; classtype:trojan-activity;sid:84353462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490363/; classtype:trojan-activity;sid:84353463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490364/; classtype:trojan-activity;sid:84353464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490361/; classtype:trojan-activity;sid:84353461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490360/; classtype:trojan-activity;sid:84353460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.19.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490359/; classtype:trojan-activity;sid:84353459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.19.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490358/; classtype:trojan-activity;sid:84353458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490356)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/actualka/raw/refs/heads/main/g354ff43hj67.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490356/; classtype:trojan-activity;sid:84353456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490357)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/actualka/raw/refs/heads/main/roblox_protected.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490357/; classtype:trojan-activity;sid:84353457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490354)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/actualka/raw/refs/heads/main/jajajdva.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490354/; classtype:trojan-activity;sid:84353454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490355)"; flow:established,from_client; content:"GET"; http_method; content:"/marcin2123/actualka/raw/refs/heads/main/crypted.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490355/; classtype:trojan-activity;sid:84353455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.108.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490353/; classtype:trojan-activity;sid:84353453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.41.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490352/; classtype:trojan-activity;sid:84353452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.27.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490351/; classtype:trojan-activity;sid:84353451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.123.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490348/; classtype:trojan-activity;sid:84353448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.37.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490347/; classtype:trojan-activity;sid:84353447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490346)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nbdownload.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490346/; classtype:trojan-activity;sid:84353446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.152.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490345/; classtype:trojan-activity;sid:84353445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490344/; classtype:trojan-activity;sid:84353444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.41.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490343/; classtype:trojan-activity;sid:84353443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.146.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490342/; classtype:trojan-activity;sid:84353442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.123.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490341/; classtype:trojan-activity;sid:84353441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.230.160.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490340/; classtype:trojan-activity;sid:84353440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.38.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490339/; classtype:trojan-activity;sid:84353439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490338/; classtype:trojan-activity;sid:84353438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490337/; classtype:trojan-activity;sid:84353437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490336/; classtype:trojan-activity;sid:84353436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490335)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/refs/heads/main/photoshopsetup.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490335/; classtype:trojan-activity;sid:84353435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490333)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/refs/heads/main/photoshopsetup.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490333/; classtype:trojan-activity;sid:84353433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490334)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/refs/heads/main/adobe_photoshopsetups.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490334/; classtype:trojan-activity;sid:84353434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.152.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490332/; classtype:trojan-activity;sid:84353432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490331/; classtype:trojan-activity;sid:84353431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490330)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/knice/znicegreatveryspecialguestyourareforme.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490330/; classtype:trojan-activity;sid:84353430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490328)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/refs/heads/main/windows.bat"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490328/; classtype:trojan-activity;sid:84353428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.159.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490329/; classtype:trojan-activity;sid:84353429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490327)"; flow:established,from_client; content:"GET"; http_method; content:"/ruthmooregmuax/ruthmooregmuax/refs/heads/main/system.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490327/; classtype:trojan-activity;sid:84353427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.38.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490326/; classtype:trojan-activity;sid:84353426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490325)"; flow:established,from_client; content:"GET"; http_method; content:"/txt/sciprhzt5yub9ql.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"104.245.241.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490325/; classtype:trojan-activity;sid:84353425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490324)"; flow:established,from_client; content:"GET"; http_method; content:"/tzz/tzz3.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"genfio.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490324/; classtype:trojan-activity;sid:84353424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490322)"; flow:established,from_client; content:"GET"; http_method; content:"/tzz/tzz1.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"genfio.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490322/; classtype:trojan-activity;sid:84353422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.254.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490323/; classtype:trojan-activity;sid:84353423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490321/; classtype:trojan-activity;sid:84353421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490318)"; flow:established,from_client; content:"GET"; http_method; content:"/tzz/tzz2.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"genfio.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490318/; classtype:trojan-activity;sid:84353418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490319)"; flow:established,from_client; content:"GET"; http_method; content:"/jhongiroldios22/backflip/raw/master/chromeupdate.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490319/; classtype:trojan-activity;sid:84353419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490320/; classtype:trojan-activity;sid:84353420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490317)"; flow:established,from_client; content:"GET"; http_method; content:"/tzz/tzz4.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"genfio.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490317/; classtype:trojan-activity;sid:84353417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490315)"; flow:established,from_client; content:"GET"; http_method; content:"/tzf/client32.ini"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"genfio.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490315/; classtype:trojan-activity;sid:84353415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.159.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490314/; classtype:trojan-activity;sid:84353414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490312/; classtype:trojan-activity;sid:84353412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.177.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490311/; classtype:trojan-activity;sid:84353411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.189.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490310/; classtype:trojan-activity;sid:84353410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.17.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490309/; classtype:trojan-activity;sid:84353409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490308)"; flow:established,from_client; content:"GET"; http_method; content:"/opencart/system/library/cache/.cache/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.maxmoney.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490308/; classtype:trojan-activity;sid:84353408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490307)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.228.64.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490307/; classtype:trojan-activity;sid:84353407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490306)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490306/; classtype:trojan-activity;sid:84353406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490305)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.181.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490305/; classtype:trojan-activity;sid:84353405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490301)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490301/; classtype:trojan-activity;sid:84353401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490302)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490302/; classtype:trojan-activity;sid:84353402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490303)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490303/; classtype:trojan-activity;sid:84353403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490304)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.83.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490304/; classtype:trojan-activity;sid:84353404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.80.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490300/; classtype:trojan-activity;sid:84353400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.106.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490299/; classtype:trojan-activity;sid:84353399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.254.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490298/; classtype:trojan-activity;sid:84353398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.9.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490297/; classtype:trojan-activity;sid:84353397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.64.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490296/; classtype:trojan-activity;sid:84353396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.189.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490295/; classtype:trojan-activity;sid:84353395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.7.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490293/; classtype:trojan-activity;sid:84353393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490283)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490283/; classtype:trojan-activity;sid:84353383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490284)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490284/; classtype:trojan-activity;sid:84353384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490285)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490285/; classtype:trojan-activity;sid:84353385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490286)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490286/; classtype:trojan-activity;sid:84353386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490287)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490287/; classtype:trojan-activity;sid:84353387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490288)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490288/; classtype:trojan-activity;sid:84353388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490289)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490289/; classtype:trojan-activity;sid:84353389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490290)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490290/; classtype:trojan-activity;sid:84353390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490291)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490291/; classtype:trojan-activity;sid:84353391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490292)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cnc.visionproxy.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490292/; classtype:trojan-activity;sid:84353392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490281)"; flow:established,from_client; content:"GET"; http_method; content:"/download/index.php"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bltccin.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490281/; classtype:trojan-activity;sid:84353381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490280/; classtype:trojan-activity;sid:84353380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490278)"; flow:established,from_client; content:"GET"; http_method; content:"/quivingsnew/sadadads/refs/heads/main/8191032732_1740264845.vbs"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490278/; classtype:trojan-activity;sid:84353378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490279)"; flow:established,from_client; content:"GET"; http_method; content:"/quivingsnew/sadadads/refs/heads/main/vixenloader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490279/; classtype:trojan-activity;sid:84353379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.7.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490276/; classtype:trojan-activity;sid:84353376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.64.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490277/; classtype:trojan-activity;sid:84353377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490275)"; flow:established,from_client; content:"GET"; http_method; content:"/client_main/loader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pandalovechair.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490275/; classtype:trojan-activity;sid:84353375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490274)"; flow:established,from_client; content:"GET"; http_method; content:"/files/loader.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kxz.netlify.app"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490274/; classtype:trojan-activity;sid:84353374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.225.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490273/; classtype:trojan-activity;sid:84353373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490272/; classtype:trojan-activity;sid:84353372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.147.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490271/; classtype:trojan-activity;sid:84353371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.251.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490270/; classtype:trojan-activity;sid:84353370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490269/; classtype:trojan-activity;sid:84353369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.225.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490268/; classtype:trojan-activity;sid:84353368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490267/; classtype:trojan-activity;sid:84353367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.70.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490266/; classtype:trojan-activity;sid:84353366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490265/; classtype:trojan-activity;sid:84353365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490264/; classtype:trojan-activity;sid:84353364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490263/; classtype:trojan-activity;sid:84353363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.90.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490261/; classtype:trojan-activity;sid:84353361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.170.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490262/; classtype:trojan-activity;sid:84353362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.196.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490260/; classtype:trojan-activity;sid:84353360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490259/; classtype:trojan-activity;sid:84353359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.215.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490255/; classtype:trojan-activity;sid:84353355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.159.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490256/; classtype:trojan-activity;sid:84353356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490257/; classtype:trojan-activity;sid:84353357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.147.65.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490258/; classtype:trojan-activity;sid:84353358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490254/; classtype:trojan-activity;sid:84353354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.157.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490253/; classtype:trojan-activity;sid:84353353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.220.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490252/; classtype:trojan-activity;sid:84353352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490251/; classtype:trojan-activity;sid:84353351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.106.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490250/; classtype:trojan-activity;sid:84353350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490248/; classtype:trojan-activity;sid:84353348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490249/; classtype:trojan-activity;sid:84353349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.211.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490247/; classtype:trojan-activity;sid:84353347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.232.123.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490244/; classtype:trojan-activity;sid:84353344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490245/; classtype:trojan-activity;sid:84353345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.123.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490246/; classtype:trojan-activity;sid:84353346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.147.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490243/; classtype:trojan-activity;sid:84353343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490242/; classtype:trojan-activity;sid:84353342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.90.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490241/; classtype:trojan-activity;sid:84353341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.2.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490240/; classtype:trojan-activity;sid:84353340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.46.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490239/; classtype:trojan-activity;sid:84353339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490238/; classtype:trojan-activity;sid:84353338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.144.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490237/; classtype:trojan-activity;sid:84353337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.19.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490236/; classtype:trojan-activity;sid:84353336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.249.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490234/; classtype:trojan-activity;sid:84353334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.158.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490233/; classtype:trojan-activity;sid:84353333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.19.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490232/; classtype:trojan-activity;sid:84353332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490231/; classtype:trojan-activity;sid:84353331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490227/; classtype:trojan-activity;sid:84353327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.superh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490228/; classtype:trojan-activity;sid:84353328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490229/; classtype:trojan-activity;sid:84353329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.46.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490226/; classtype:trojan-activity;sid:84353326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490219/; classtype:trojan-activity;sid:84353319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490223/; classtype:trojan-activity;sid:84353323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//sync.powerpc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490225/; classtype:trojan-activity;sid:84353325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.165.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490218/; classtype:trojan-activity;sid:84353318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.75.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490217/; classtype:trojan-activity;sid:84353317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.253.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490216/; classtype:trojan-activity;sid:84353316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490215)"; flow:established,from_client; content:"GET"; http_method; content:"/8tsavghf9p.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.defrostbrilliant.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490215/; classtype:trojan-activity;sid:84353315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.118.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490214/; classtype:trojan-activity;sid:84353314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.16.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490213/; classtype:trojan-activity;sid:84353313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.245.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490212/; classtype:trojan-activity;sid:84353312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.247.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490211/; classtype:trojan-activity;sid:84353311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.140.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490210/; classtype:trojan-activity;sid:84353310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490209/; classtype:trojan-activity;sid:84353309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.248.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490208/; classtype:trojan-activity;sid:84353308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.123.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490207/; classtype:trojan-activity;sid:84353307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.118.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490206/; classtype:trojan-activity;sid:84353306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.241.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490205/; classtype:trojan-activity;sid:84353305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.75.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490204/; classtype:trojan-activity;sid:84353304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.158.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490203/; classtype:trojan-activity;sid:84353303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.245.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490202/; classtype:trojan-activity;sid:84353302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490201/; classtype:trojan-activity;sid:84353301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490200)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/0erq2y5mot1ralfzd8rx1/gatorispace.ppkg|3f|rlkey=88l4k05e3g4pzp05hdg9zozc5|7c|26|7c|st=pndigk5p|7c|26|7c|dl=1"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490200/; classtype:trojan-activity;sid:84353300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.140.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490199/; classtype:trojan-activity;sid:84353299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490197)"; flow:established,from_client; content:"GET"; http_method; content:"/js/x.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.112.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490197/; classtype:trojan-activity;sid:84353297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490198)"; flow:established,from_client; content:"GET"; http_method; content:"/js/x.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.112.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490198/; classtype:trojan-activity;sid:84353298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490195)"; flow:established,from_client; content:"GET"; http_method; content:"/js/config.json"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.112.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490195/; classtype:trojan-activity;sid:84353295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490196/; classtype:trojan-activity;sid:84353296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490191)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lr.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.112.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490191/; classtype:trojan-activity;sid:84353291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490192)"; flow:established,from_client; content:"GET"; http_method; content:"/js/apache.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"175.112.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490192/; classtype:trojan-activity;sid:84353292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490193)"; flow:established,from_client; content:"GET"; http_method; content:"/js/lr.ps1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.112.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490193/; classtype:trojan-activity;sid:84353293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490190)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmjttotoc8iivangr_wwyf7oh4_mw-qdhvlnzcr2fun3ellc73d78u9r0ve5mrjq87arm0ar5e_yvboydjh_lbfzux8en_rahp6jvsvjvsdag639p7b8kdagtem4wnhadopb-_9hwjcu-ivnvylztbzt/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"ucf32cd14cd8a84688401dc10570.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490190/; classtype:trojan-activity;sid:84353290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.135.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490189/; classtype:trojan-activity;sid:84353289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490188/; classtype:trojan-activity;sid:84353288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490187/; classtype:trojan-activity;sid:84353287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490186/; classtype:trojan-activity;sid:84353286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.201.49.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490185/; classtype:trojan-activity;sid:84353285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.27.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490184/; classtype:trojan-activity;sid:84353284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.135.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490183/; classtype:trojan-activity;sid:84353283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490182/; classtype:trojan-activity;sid:84353282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.21.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490181/; classtype:trojan-activity;sid:84353281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.148.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490180/; classtype:trojan-activity;sid:84353280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.247.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490179/; classtype:trojan-activity;sid:84353279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490178/; classtype:trojan-activity;sid:84353278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.124.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490177/; classtype:trojan-activity;sid:84353277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.116.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490176/; classtype:trojan-activity;sid:84353276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.148.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490175/; classtype:trojan-activity;sid:84353275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.126.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490174/; classtype:trojan-activity;sid:84353274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490173)"; flow:established,from_client; content:"GET"; http_method; content:"/584qhvz0s3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.defrostbrilliant.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490173/; classtype:trojan-activity;sid:84353273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.85.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490172/; classtype:trojan-activity;sid:84353272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490171/; classtype:trojan-activity;sid:84353271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.106.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490170/; classtype:trojan-activity;sid:84353270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490168)"; flow:established,from_client; content:"GET"; http_method; content:"/hy"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490168/; classtype:trojan-activity;sid:84353268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490169)"; flow:established,from_client; content:"GET"; http_method; content:"/sea.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490169/; classtype:trojan-activity;sid:84353269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490164)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490164/; classtype:trojan-activity;sid:84353264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490165)"; flow:established,from_client; content:"GET"; http_method; content:"/garm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490165/; classtype:trojan-activity;sid:84353265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490166)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490166/; classtype:trojan-activity;sid:84353266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490167)"; flow:established,from_client; content:"GET"; http_method; content:"/karm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490167/; classtype:trojan-activity;sid:84353267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.46.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490144/; classtype:trojan-activity;sid:84353244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490145/; classtype:trojan-activity;sid:84353245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490146)"; flow:established,from_client; content:"GET"; http_method; content:"/karm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490146/; classtype:trojan-activity;sid:84353246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490147)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490147/; classtype:trojan-activity;sid:84353247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490148)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490148/; classtype:trojan-activity;sid:84353248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490149)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490149/; classtype:trojan-activity;sid:84353249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490150)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490150/; classtype:trojan-activity;sid:84353250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490151)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490151/; classtype:trojan-activity;sid:84353251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490152)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490152/; classtype:trojan-activity;sid:84353252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490153)"; flow:established,from_client; content:"GET"; http_method; content:"/garm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490153/; classtype:trojan-activity;sid:84353253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490154)"; flow:established,from_client; content:"GET"; http_method; content:"/gmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490154/; classtype:trojan-activity;sid:84353254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490155)"; flow:established,from_client; content:"GET"; http_method; content:"/gmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490155/; classtype:trojan-activity;sid:84353255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490156)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490156/; classtype:trojan-activity;sid:84353256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490157)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490157/; classtype:trojan-activity;sid:84353257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490158)"; flow:established,from_client; content:"GET"; http_method; content:"/garm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490158/; classtype:trojan-activity;sid:84353258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490159)"; flow:established,from_client; content:"GET"; http_method; content:"/garm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490159/; classtype:trojan-activity;sid:84353259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490160)"; flow:established,from_client; content:"GET"; http_method; content:"/gx86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490160/; classtype:trojan-activity;sid:84353260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490161)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490161/; classtype:trojan-activity;sid:84353261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490162/; classtype:trojan-activity;sid:84353262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490163)"; flow:established,from_client; content:"GET"; http_method; content:"/kmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490163/; classtype:trojan-activity;sid:84353263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490143)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490143/; classtype:trojan-activity;sid:84353243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490141)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490141/; classtype:trojan-activity;sid:84353241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490142/; classtype:trojan-activity;sid:84353242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.35.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490140/; classtype:trojan-activity;sid:84353240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.141.32.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490139/; classtype:trojan-activity;sid:84353239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490138/; classtype:trojan-activity;sid:84353238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490137/; classtype:trojan-activity;sid:84353237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.69.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490136/; classtype:trojan-activity;sid:84353236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.124.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490135/; classtype:trojan-activity;sid:84353235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490133/; classtype:trojan-activity;sid:84353233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.33.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490134/; classtype:trojan-activity;sid:84353234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490132/; classtype:trojan-activity;sid:84353232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.164.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490131/; classtype:trojan-activity;sid:84353231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.27.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490130/; classtype:trojan-activity;sid:84353230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490125/; classtype:trojan-activity;sid:84353225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490126/; classtype:trojan-activity;sid:84353226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.77.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490127/; classtype:trojan-activity;sid:84353227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490128/; classtype:trojan-activity;sid:84353228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490129/; classtype:trojan-activity;sid:84353229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.121.69.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490124/; classtype:trojan-activity;sid:84353224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490123)"; flow:established,from_client; content:"GET"; http_method; content:"/let/s%20compress.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.letscompress.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490123/; classtype:trojan-activity;sid:84353223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490121)"; flow:established,from_client; content:"GET"; http_method; content:"/let/s%20compress.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"letscompress.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490121/; classtype:trojan-activity;sid:84353221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490122)"; flow:established,from_client; content:"GET"; http_method; content:"/let/s%20compress.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lets-compress.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490122/; classtype:trojan-activity;sid:84353222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490120)"; flow:established,from_client; content:"GET"; http_method; content:"/let/s%20compress.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"letscompress.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490120/; classtype:trojan-activity;sid:84353220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.46.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490119/; classtype:trojan-activity;sid:84353219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.141.32.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490118/; classtype:trojan-activity;sid:84353218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.106.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490117/; classtype:trojan-activity;sid:84353217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.146.39.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490116/; classtype:trojan-activity;sid:84353216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490115)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490115/; classtype:trojan-activity;sid:84353215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490112)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490112/; classtype:trojan-activity;sid:84353212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490113)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490113/; classtype:trojan-activity;sid:84353213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490114)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490114/; classtype:trojan-activity;sid:84353214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490103)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490103/; classtype:trojan-activity;sid:84353203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490104)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490104/; classtype:trojan-activity;sid:84353204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490105)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490105/; classtype:trojan-activity;sid:84353205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490106)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490106/; classtype:trojan-activity;sid:84353206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490107)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490107/; classtype:trojan-activity;sid:84353207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490108)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490108/; classtype:trojan-activity;sid:84353208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490109)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490109/; classtype:trojan-activity;sid:84353209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490110)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490110/; classtype:trojan-activity;sid:84353210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490111)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.dstats.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490111/; classtype:trojan-activity;sid:84353211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.33.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490102/; classtype:trojan-activity;sid:84353202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.158.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490101/; classtype:trojan-activity;sid:84353201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490100/; classtype:trojan-activity;sid:84353200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.124.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490099/; classtype:trojan-activity;sid:84353199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.126.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490098/; classtype:trojan-activity;sid:84353198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.244.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490097/; classtype:trojan-activity;sid:84353197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490096/; classtype:trojan-activity;sid:84353196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.153.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490095/; classtype:trojan-activity;sid:84353195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.229.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490094/; classtype:trojan-activity;sid:84353194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.146.39.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490093/; classtype:trojan-activity;sid:84353193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490092/; classtype:trojan-activity;sid:84353192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490091/; classtype:trojan-activity;sid:84353191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.58.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490090/; classtype:trojan-activity;sid:84353190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.158.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490089/; classtype:trojan-activity;sid:84353189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.146.69.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490088/; classtype:trojan-activity;sid:84353188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490087/; classtype:trojan-activity;sid:84353187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.244.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490086/; classtype:trojan-activity;sid:84353186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490085/; classtype:trojan-activity;sid:84353185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.153.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490084/; classtype:trojan-activity;sid:84353184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.220.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490083/; classtype:trojan-activity;sid:84353183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.241.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490082/; classtype:trojan-activity;sid:84353182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.62.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490081/; classtype:trojan-activity;sid:84353181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.163.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490080/; classtype:trojan-activity;sid:84353180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.220.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490079/; classtype:trojan-activity;sid:84353179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.194.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490078/; classtype:trojan-activity;sid:84353178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.245.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490077/; classtype:trojan-activity;sid:84353177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.64.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490076/; classtype:trojan-activity;sid:84353176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490075/; classtype:trojan-activity;sid:84353175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490074/; classtype:trojan-activity;sid:84353174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.161.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490073/; classtype:trojan-activity;sid:84353173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.179.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490072/; classtype:trojan-activity;sid:84353172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.28.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490071/; classtype:trojan-activity;sid:84353171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490070)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ywmgszpn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490070/; classtype:trojan-activity;sid:84353170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.245.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490069/; classtype:trojan-activity;sid:84353169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490068/; classtype:trojan-activity;sid:84353168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.161.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490067/; classtype:trojan-activity;sid:84353167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.6.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490066/; classtype:trojan-activity;sid:84353166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490065/; classtype:trojan-activity;sid:84353165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.171.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490064/; classtype:trojan-activity;sid:84353164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sync.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490059/; classtype:trojan-activity;sid:84353159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490060)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sync.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490060/; classtype:trojan-activity;sid:84353160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sync.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490061/; classtype:trojan-activity;sid:84353161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sync.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490062/; classtype:trojan-activity;sid:84353162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sync.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490063/; classtype:trojan-activity;sid:84353163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.210.209.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490058/; classtype:trojan-activity;sid:84353158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.179.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490057/; classtype:trojan-activity;sid:84353157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.176.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490056/; classtype:trojan-activity;sid:84353156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.113.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490055/; classtype:trojan-activity;sid:84353155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.255.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490054/; classtype:trojan-activity;sid:84353154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.34.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490053/; classtype:trojan-activity;sid:84353153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.255.176.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490052/; classtype:trojan-activity;sid:84353152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.213.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490051/; classtype:trojan-activity;sid:84353151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.6.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490050/; classtype:trojan-activity;sid:84353150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490049/; classtype:trojan-activity;sid:84353149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.168.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490048/; classtype:trojan-activity;sid:84353148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.229.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490047/; classtype:trojan-activity;sid:84353147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.231.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490045/; classtype:trojan-activity;sid:84353145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.115.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490046/; classtype:trojan-activity;sid:84353146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.51.173.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490042/; classtype:trojan-activity;sid:84353142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.108.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490043/; classtype:trojan-activity;sid:84353143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.216.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490044/; classtype:trojan-activity;sid:84353144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.159.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490041/; classtype:trojan-activity;sid:84353141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.176.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490040/; classtype:trojan-activity;sid:84353140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490039/; classtype:trojan-activity;sid:84353139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490037/; classtype:trojan-activity;sid:84353137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.2.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490038/; classtype:trojan-activity;sid:84353138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490036/; classtype:trojan-activity;sid:84353136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490035/; classtype:trojan-activity;sid:84353135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.213.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490034/; classtype:trojan-activity;sid:84353134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.132.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490033/; classtype:trojan-activity;sid:84353133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490032/; classtype:trojan-activity;sid:84353132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.255.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490031/; classtype:trojan-activity;sid:84353131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.102.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490030/; classtype:trojan-activity;sid:84353130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.210.209.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490029/; classtype:trojan-activity;sid:84353129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490028/; classtype:trojan-activity;sid:84353128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490027/; classtype:trojan-activity;sid:84353127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490026/; classtype:trojan-activity;sid:84353126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.168.190.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490025/; classtype:trojan-activity;sid:84353125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490024/; classtype:trojan-activity;sid:84353124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.62.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490023/; classtype:trojan-activity;sid:84353123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490022/; classtype:trojan-activity;sid:84353122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.174.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490021/; classtype:trojan-activity;sid:84353121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490020/; classtype:trojan-activity;sid:84353120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.132.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490019/; classtype:trojan-activity;sid:84353119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490018/; classtype:trojan-activity;sid:84353118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.167.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490017/; classtype:trojan-activity;sid:84353117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.236.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490016/; classtype:trojan-activity;sid:84353116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.27.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490015/; classtype:trojan-activity;sid:84353115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.112.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490014/; classtype:trojan-activity;sid:84353114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.168.190.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490013/; classtype:trojan-activity;sid:84353113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490012/; classtype:trojan-activity;sid:84353112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490011/; classtype:trojan-activity;sid:84353111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490010/; classtype:trojan-activity;sid:84353110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490009/; classtype:trojan-activity;sid:84353109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490008)"; flow:established,from_client; content:"GET"; http_method; content:"/277/shwork.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490008/; classtype:trojan-activity;sid:84353108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490007)"; flow:established,from_client; content:"GET"; http_method; content:"/992/goodisthebestthingsbetterwaytotellhimbestfor.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490007/; classtype:trojan-activity;sid:84353107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490006)"; flow:established,from_client; content:"GET"; http_method; content:"/d/dipcgadl/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490006/; classtype:trojan-activity;sid:84353106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490005)"; flow:established,from_client; content:"GET"; http_method; content:"/450/newwelcomedrinkforentireteammemebers.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490005/; classtype:trojan-activity;sid:84353105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490004)"; flow:established,from_client; content:"GET"; http_method; content:"/p/anonymous/0b7f8859152e447aa646012e8c9a43c3/files/29e67062d2264f31abe88f359f714c32/raw"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"paste.gg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490004/; classtype:trojan-activity;sid:84353104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490003)"; flow:established,from_client; content:"GET"; http_method; content:"/p/anonymous/2b040963d52545cc979623fca8cb8a9b/files/bad24e1c210747a6ae0745e106ed7192/raw"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"paste.gg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490003/; classtype:trojan-activity;sid:84353103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.167.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490002/; classtype:trojan-activity;sid:84353102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490001/; classtype:trojan-activity;sid:84353101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.112.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490000/; classtype:trojan-activity;sid:84353100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489999)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/lizzkuzeu182.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"upandover.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489999/; classtype:trojan-activity;sid:84353099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489998)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/panegyrist.pcx"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"upandover.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489998/; classtype:trojan-activity;sid:84353098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489997/; classtype:trojan-activity;sid:84353097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489996)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/groenland.qxd"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"upandover.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489996/; classtype:trojan-activity;sid:84353096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489995)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/wzgmzpvsqdejit236.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"upandover.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489995/; classtype:trojan-activity;sid:84353095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.236.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489994/; classtype:trojan-activity;sid:84353094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.105.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489993/; classtype:trojan-activity;sid:84353093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.244.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489992/; classtype:trojan-activity;sid:84353092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.180.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489991/; classtype:trojan-activity;sid:84353091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.59.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489990/; classtype:trojan-activity;sid:84353090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.217.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489989/; classtype:trojan-activity;sid:84353089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.0.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489988/; classtype:trojan-activity;sid:84353088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.223.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489987/; classtype:trojan-activity;sid:84353087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489986/; classtype:trojan-activity;sid:84353086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489985)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dbflp4n3at5majwqsuiar9v5cfq8uhok"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489985/; classtype:trojan-activity;sid:84353085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489984)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kk/dukas.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489984/; classtype:trojan-activity;sid:84353084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489982)"; flow:established,from_client; content:"GET"; http_method; content:"/d/petznsh6/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489982/; classtype:trojan-activity;sid:84353082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489983)"; flow:established,from_client; content:"GET"; http_method; content:"/14/items/new_image_20250324/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ia800705.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489983/; classtype:trojan-activity;sid:84353083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.93.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489981/; classtype:trojan-activity;sid:84353081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489978/; classtype:trojan-activity;sid:84353078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489979/; classtype:trojan-activity;sid:84353079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489980)"; flow:established,from_client; content:"GET"; http_method; content:"/ngeeto/edxuin.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gonte.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489980/; classtype:trojan-activity;sid:84353080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489977)"; flow:established,from_client; content:"GET"; http_method; content:"/ngbee/ngqabn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"gonte.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489977/; classtype:trojan-activity;sid:84353077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489976)"; flow:established,from_client; content:"GET"; http_method; content:"/jr2xs558zu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.defrostbrilliant.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489976/; classtype:trojan-activity;sid:84353076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489975/; classtype:trojan-activity;sid:84353075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489974)"; flow:established,from_client; content:"GET"; http_method; content:"/files/fixxx.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cryptohardware.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489974/; classtype:trojan-activity;sid:84353074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489973)"; flow:established,from_client; content:"GET"; http_method; content:"/msidle.zip|3f||7c|26|7c|track=6068"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"goldassetsolutions.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489973/; classtype:trojan-activity;sid:84353073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489972)"; flow:established,from_client; content:"GET"; http_method; content:"/comcat.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"consumer-compare.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489972/; classtype:trojan-activity;sid:84353072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489970)"; flow:established,from_client; content:"GET"; http_method; content:"/files/libeasier.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cryptohardware.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489970/; classtype:trojan-activity;sid:84353070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489971)"; flow:established,from_client; content:"GET"; http_method; content:"/normintovogue.mp3"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bistor.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489971/; classtype:trojan-activity;sid:84353071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489969)"; flow:established,from_client; content:"GET"; http_method; content:"/files/index.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cryptohardware.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489969/; classtype:trojan-activity;sid:84353069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.223.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489968/; classtype:trojan-activity;sid:84353068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489967/; classtype:trojan-activity;sid:84353067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.217.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489966/; classtype:trojan-activity;sid:84353066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.105.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489965/; classtype:trojan-activity;sid:84353065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.180.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489964/; classtype:trojan-activity;sid:84353064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.42.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489963/; classtype:trojan-activity;sid:84353063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489962)"; flow:established,from_client; content:"GET"; http_method; content:"/voom.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"supplier-murray-custody-treasures.trycloudflare.com"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489962/; classtype:trojan-activity;sid:84353062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489961)"; flow:established,from_client; content:"GET"; http_method; content:"/992/goodisthebestthingsbetterwaytotellhimbestfor.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"172.245.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489961/; classtype:trojan-activity;sid:84353061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489959)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/beaut/niceevenbettergirllikeabuttersmoothkissforme.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489959/; classtype:trojan-activity;sid:84353059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489960)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ksmo/bettercontactforgreatworksgoodforbetter.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489960/; classtype:trojan-activity;sid:84353060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.144.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489958/; classtype:trojan-activity;sid:84353058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489957)"; flow:established,from_client; content:"GET"; http_method; content:"/d/3bplpjvq/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489957/; classtype:trojan-activity;sid:84353057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489956)"; flow:established,from_client; content:"GET"; http_method; content:"/450/newwelcomedrinkforentireteammemebers.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489956/; classtype:trojan-activity;sid:84353056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489955)"; flow:established,from_client; content:"GET"; http_method; content:"/450/cham/newwelcomedrinkforentireteammemebersnewwel________newwelcomedrinkforentireteammemebers_________newwelcomedrinkforentireteammemebers.doc"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489955/; classtype:trojan-activity;sid:84353055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489954/; classtype:trojan-activity;sid:84353054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489953)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kiss/zynewdaysnewtimeforbestthingstohappenedever.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"217.154.55.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489953/; classtype:trojan-activity;sid:84353053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489952)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ste.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.219.214.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489952/; classtype:trojan-activity;sid:84353052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489951)"; flow:established,from_client; content:"GET"; http_method; content:"/files/clip.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.219.214.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489951/; classtype:trojan-activity;sid:84353051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.132.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489950/; classtype:trojan-activity;sid:84353050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.62.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489949/; classtype:trojan-activity;sid:84353049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.212.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489948/; classtype:trojan-activity;sid:84353048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.217.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489947/; classtype:trojan-activity;sid:84353047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489946)"; flow:established,from_client; content:"GET"; http_method; content:"/001/01/d1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.168.28.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489946/; classtype:trojan-activity;sid:84353046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.144.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489945/; classtype:trojan-activity;sid:84353045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489944)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.229.233.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489944/; classtype:trojan-activity;sid:84353044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489941)"; flow:established,from_client; content:"GET"; http_method; content:"/data/001"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489941/; classtype:trojan-activity;sid:84353041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489942)"; flow:established,from_client; content:"GET"; http_method; content:"/data/003"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489942/; classtype:trojan-activity;sid:84353042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489943)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489943/; classtype:trojan-activity;sid:84353043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489938)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.211.191.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489938/; classtype:trojan-activity;sid:84353038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489939/; classtype:trojan-activity;sid:84353039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489940)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1087989943/qqfhol1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489940/; classtype:trojan-activity;sid:84353040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489936)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.211.191.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489936/; classtype:trojan-activity;sid:84353036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489937)"; flow:established,from_client; content:"GET"; http_method; content:"/data1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489937/; classtype:trojan-activity;sid:84353037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489935)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mikescamtoni/random.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489935/; classtype:trojan-activity;sid:84353035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489934/; classtype:trojan-activity;sid:84353034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.93.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489933/; classtype:trojan-activity;sid:84353033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489932/; classtype:trojan-activity;sid:84353032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489930)"; flow:established,from_client; content:"GET"; http_method; content:"/mrgrsnx.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mbrt.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489930/; classtype:trojan-activity;sid:84353030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.32.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489931/; classtype:trojan-activity;sid:84353031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.178.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489927/; classtype:trojan-activity;sid:84353027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.87.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489928/; classtype:trojan-activity;sid:84353028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.43.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489929/; classtype:trojan-activity;sid:84353029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489925/; classtype:trojan-activity;sid:84353025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489926/; classtype:trojan-activity;sid:84353026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489924/; classtype:trojan-activity;sid:84353024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.197.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489923/; classtype:trojan-activity;sid:84353023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489922/; classtype:trojan-activity;sid:84353022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489921/; classtype:trojan-activity;sid:84353021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.177.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489919/; classtype:trojan-activity;sid:84353019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489920/; classtype:trojan-activity;sid:84353020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489918/; classtype:trojan-activity;sid:84353018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489917/; classtype:trojan-activity;sid:84353017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.2.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489916/; classtype:trojan-activity;sid:84353016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.62.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489914/; classtype:trojan-activity;sid:84353014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489915/; classtype:trojan-activity;sid:84353015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.175.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489913/; classtype:trojan-activity;sid:84353013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.84.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489912/; classtype:trojan-activity;sid:84353012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.30.238.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489911/; classtype:trojan-activity;sid:84353011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.186.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489910/; classtype:trojan-activity;sid:84353010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489909/; classtype:trojan-activity;sid:84353009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.160.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489908/; classtype:trojan-activity;sid:84353008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.126.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489907/; classtype:trojan-activity;sid:84353007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489906/; classtype:trojan-activity;sid:84353006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489905/; classtype:trojan-activity;sid:84353005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.9.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489904/; classtype:trojan-activity;sid:84353004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489903/; classtype:trojan-activity;sid:84353003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.32.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489902/; classtype:trojan-activity;sid:84353002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489901/; classtype:trojan-activity;sid:84353001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489899/; classtype:trojan-activity;sid:84352999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.30.238.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489900/; classtype:trojan-activity;sid:84353000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.84.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489898/; classtype:trojan-activity;sid:84352998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.186.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489897/; classtype:trojan-activity;sid:84352997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489896/; classtype:trojan-activity;sid:84352996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489895/; classtype:trojan-activity;sid:84352995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.126.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489894/; classtype:trojan-activity;sid:84352994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.66.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489893/; classtype:trojan-activity;sid:84352993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.66.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489892/; classtype:trojan-activity;sid:84352992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.123.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489891/; classtype:trojan-activity;sid:84352991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.70.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489889/; classtype:trojan-activity;sid:84352989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.85.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489890/; classtype:trojan-activity;sid:84352990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.133.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489888/; classtype:trojan-activity;sid:84352988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489887/; classtype:trojan-activity;sid:84352987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489886/; classtype:trojan-activity;sid:84352986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489884/; classtype:trojan-activity;sid:84352984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.91.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489885/; classtype:trojan-activity;sid:84352985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.118.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489883/; classtype:trojan-activity;sid:84352983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489882/; classtype:trojan-activity;sid:84352982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.70.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489881/; classtype:trojan-activity;sid:84352981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.147.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489880/; classtype:trojan-activity;sid:84352980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.99.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489879/; classtype:trojan-activity;sid:84352979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489877/; classtype:trojan-activity;sid:84352977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.118.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489878/; classtype:trojan-activity;sid:84352978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489876/; classtype:trojan-activity;sid:84352976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.91.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489875/; classtype:trojan-activity;sid:84352975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489874/; classtype:trojan-activity;sid:84352974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.120.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489873/; classtype:trojan-activity;sid:84352973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489872/; classtype:trojan-activity;sid:84352972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.120.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489871/; classtype:trojan-activity;sid:84352971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489870/; classtype:trojan-activity;sid:84352970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489869/; classtype:trojan-activity;sid:84352969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.166.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489868/; classtype:trojan-activity;sid:84352968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.21.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489867/; classtype:trojan-activity;sid:84352967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.126.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489866/; classtype:trojan-activity;sid:84352966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489865/; classtype:trojan-activity;sid:84352965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.147.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489864/; classtype:trojan-activity;sid:84352964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489863/; classtype:trojan-activity;sid:84352963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.7.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489862/; classtype:trojan-activity;sid:84352962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.60.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489861/; classtype:trojan-activity;sid:84352961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.166.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489860/; classtype:trojan-activity;sid:84352960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.148.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489859/; classtype:trojan-activity;sid:84352959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.106.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489858/; classtype:trojan-activity;sid:84352958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489857/; classtype:trojan-activity;sid:84352957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.190.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489856/; classtype:trojan-activity;sid:84352956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.7.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489854/; classtype:trojan-activity;sid:84352954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.115.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489855/; classtype:trojan-activity;sid:84352955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489853/; classtype:trojan-activity;sid:84352953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.148.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489852/; classtype:trojan-activity;sid:84352952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.9.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489851/; classtype:trojan-activity;sid:84352951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.191.242.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489850/; classtype:trojan-activity;sid:84352950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.134.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489849/; classtype:trojan-activity;sid:84352949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.76.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489848/; classtype:trojan-activity;sid:84352948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.0.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489847/; classtype:trojan-activity;sid:84352947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.106.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489846/; classtype:trojan-activity;sid:84352946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.48.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489845/; classtype:trojan-activity;sid:84352945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.108.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489844/; classtype:trojan-activity;sid:84352944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.97.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489843/; classtype:trojan-activity;sid:84352943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489842/; classtype:trojan-activity;sid:84352942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.190.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489841/; classtype:trojan-activity;sid:84352941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.108.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489840/; classtype:trojan-activity;sid:84352940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.76.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489839/; classtype:trojan-activity;sid:84352939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.9.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489838/; classtype:trojan-activity;sid:84352938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.120.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489837/; classtype:trojan-activity;sid:84352937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.109.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489836/; classtype:trojan-activity;sid:84352936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489835/; classtype:trojan-activity;sid:84352935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.113.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489834/; classtype:trojan-activity;sid:84352934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489833/; classtype:trojan-activity;sid:84352933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489832/; classtype:trojan-activity;sid:84352932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.251.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489831/; classtype:trojan-activity;sid:84352931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489829/; classtype:trojan-activity;sid:84352929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489830/; classtype:trojan-activity;sid:84352930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.65.55.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489828/; classtype:trojan-activity;sid:84352928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489827/; classtype:trojan-activity;sid:84352927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.188.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489826/; classtype:trojan-activity;sid:84352926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.115.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489825/; classtype:trojan-activity;sid:84352925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.27.46.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489824/; classtype:trojan-activity;sid:84352924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.0.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489823/; classtype:trojan-activity;sid:84352923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.197.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489822/; classtype:trojan-activity;sid:84352922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.97.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489821/; classtype:trojan-activity;sid:84352921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.97.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489820/; classtype:trojan-activity;sid:84352920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489819/; classtype:trojan-activity;sid:84352919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.11.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489818/; classtype:trojan-activity;sid:84352918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.196.183.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489817/; classtype:trojan-activity;sid:84352917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.219.13.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489816/; classtype:trojan-activity;sid:84352916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.55.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489815/; classtype:trojan-activity;sid:84352915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.27.46.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489814/; classtype:trojan-activity;sid:84352914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489813/; classtype:trojan-activity;sid:84352913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489812/; classtype:trojan-activity;sid:84352912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.89.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489811/; classtype:trojan-activity;sid:84352911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.183.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489810/; classtype:trojan-activity;sid:84352910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489809/; classtype:trojan-activity;sid:84352909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.174.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489808/; classtype:trojan-activity;sid:84352908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.197.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489807/; classtype:trojan-activity;sid:84352907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.188.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489806/; classtype:trojan-activity;sid:84352906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.78.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489805/; classtype:trojan-activity;sid:84352905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.120.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489804/; classtype:trojan-activity;sid:84352904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.219.13.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489803/; classtype:trojan-activity;sid:84352903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.55.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489802/; classtype:trojan-activity;sid:84352902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.17.157"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489800/; classtype:trojan-activity;sid:84352900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.122.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489801/; classtype:trojan-activity;sid:84352901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489799/; classtype:trojan-activity;sid:84352899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489798/; classtype:trojan-activity;sid:84352898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489797/; classtype:trojan-activity;sid:84352897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.11.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489796/; classtype:trojan-activity;sid:84352896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.174.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489795/; classtype:trojan-activity;sid:84352895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.89.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489794/; classtype:trojan-activity;sid:84352894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489793/; classtype:trojan-activity;sid:84352893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.113.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489792/; classtype:trojan-activity;sid:84352892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.13.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489791/; classtype:trojan-activity;sid:84352891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.71.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489790/; classtype:trojan-activity;sid:84352890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.122.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489789/; classtype:trojan-activity;sid:84352889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.215.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489788/; classtype:trojan-activity;sid:84352888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.113.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489787/; classtype:trojan-activity;sid:84352887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489786/; classtype:trojan-activity;sid:84352886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.9.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489785/; classtype:trojan-activity;sid:84352885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.183.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489784/; classtype:trojan-activity;sid:84352884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489783/; classtype:trojan-activity;sid:84352883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489782/; classtype:trojan-activity;sid:84352882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489781/; classtype:trojan-activity;sid:84352881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.197.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489780/; classtype:trojan-activity;sid:84352880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489779/; classtype:trojan-activity;sid:84352879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489778/; classtype:trojan-activity;sid:84352878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489777/; classtype:trojan-activity;sid:84352877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489776/; classtype:trojan-activity;sid:84352876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.20.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489774/; classtype:trojan-activity;sid:84352874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489775/; classtype:trojan-activity;sid:84352875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.186.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489773/; classtype:trojan-activity;sid:84352873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.41.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489772/; classtype:trojan-activity;sid:84352872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.45.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489771/; classtype:trojan-activity;sid:84352871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.90.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489770/; classtype:trojan-activity;sid:84352870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489769/; classtype:trojan-activity;sid:84352869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489768/; classtype:trojan-activity;sid:84352868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489767/; classtype:trojan-activity;sid:84352867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.122.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489766/; classtype:trojan-activity;sid:84352866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.41.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489765/; classtype:trojan-activity;sid:84352865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489764/; classtype:trojan-activity;sid:84352864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.186.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489763/; classtype:trojan-activity;sid:84352863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.251.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489762/; classtype:trojan-activity;sid:84352862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489761/; classtype:trojan-activity;sid:84352861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.73.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489760/; classtype:trojan-activity;sid:84352860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489759/; classtype:trojan-activity;sid:84352859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.45.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489758/; classtype:trojan-activity;sid:84352858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.233.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489757/; classtype:trojan-activity;sid:84352857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489756/; classtype:trojan-activity;sid:84352856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489755/; classtype:trojan-activity;sid:84352855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.79.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489753/; classtype:trojan-activity;sid:84352853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.41.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489754/; classtype:trojan-activity;sid:84352854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.251.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489752/; classtype:trojan-activity;sid:84352852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489751/; classtype:trojan-activity;sid:84352851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.36.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489750/; classtype:trojan-activity;sid:84352850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489749/; classtype:trojan-activity;sid:84352849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489748/; classtype:trojan-activity;sid:84352848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489746/; classtype:trojan-activity;sid:84352846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489747/; classtype:trojan-activity;sid:84352847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.171.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489744/; classtype:trojan-activity;sid:84352844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489745/; classtype:trojan-activity;sid:84352845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.155.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489743/; classtype:trojan-activity;sid:84352843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.53.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3489742/; classtype:trojan-activity;sid:84352842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.136.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489741/; classtype:trojan-activity;sid:84352841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.68.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489740/; classtype:trojan-activity;sid:84352840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489739/; classtype:trojan-activity;sid:84352839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.41.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489738/; classtype:trojan-activity;sid:84352838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.200.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489737/; classtype:trojan-activity;sid:84352837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.79.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489736/; classtype:trojan-activity;sid:84352836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.112.153.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489735/; classtype:trojan-activity;sid:84352835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.60.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489733/; classtype:trojan-activity;sid:84352833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.244.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489734/; classtype:trojan-activity;sid:84352834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.136.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489732/; classtype:trojan-activity;sid:84352832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.73.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489731/; classtype:trojan-activity;sid:84352831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.165.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489730/; classtype:trojan-activity;sid:84352830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.60.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489729/; classtype:trojan-activity;sid:84352829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.61.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489728/; classtype:trojan-activity;sid:84352828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.154.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489727/; classtype:trojan-activity;sid:84352827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489726/; classtype:trojan-activity;sid:84352826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.174.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489725/; classtype:trojan-activity;sid:84352825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.157.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489724/; classtype:trojan-activity;sid:84352824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.57.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489723/; classtype:trojan-activity;sid:84352823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.165.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489722/; classtype:trojan-activity;sid:84352822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.233.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489721/; classtype:trojan-activity;sid:84352821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.244.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489720/; classtype:trojan-activity;sid:84352820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489719)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489719/; classtype:trojan-activity;sid:84352819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489718)"; flow:established,from_client; content:"GET"; http_method; content:"/no.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.71.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489718/; classtype:trojan-activity;sid:84352818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.174.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489717/; classtype:trojan-activity;sid:84352817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.230.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489716/; classtype:trojan-activity;sid:84352816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.214.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489715/; classtype:trojan-activity;sid:84352815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489714/; classtype:trojan-activity;sid:84352814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.65.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489713/; classtype:trojan-activity;sid:84352813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.20.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489712/; classtype:trojan-activity;sid:84352812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.135.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489711/; classtype:trojan-activity;sid:84352811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.91.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489710/; classtype:trojan-activity;sid:84352810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.57.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489709/; classtype:trojan-activity;sid:84352809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.179.230.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489708/; classtype:trojan-activity;sid:84352808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.214.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489707/; classtype:trojan-activity;sid:84352807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.100.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489706/; classtype:trojan-activity;sid:84352806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.113.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489705/; classtype:trojan-activity;sid:84352805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.131.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489704/; classtype:trojan-activity;sid:84352804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.244.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489703/; classtype:trojan-activity;sid:84352803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.181.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489702/; classtype:trojan-activity;sid:84352802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.219.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489700/; classtype:trojan-activity;sid:84352800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.119.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489701/; classtype:trojan-activity;sid:84352801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489699)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.133.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489699/; classtype:trojan-activity;sid:84352799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.157.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489698/; classtype:trojan-activity;sid:84352798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489697/; classtype:trojan-activity;sid:84352797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489696/; classtype:trojan-activity;sid:84352796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.100.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489695/; classtype:trojan-activity;sid:84352795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.103.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489694/; classtype:trojan-activity;sid:84352794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489693/; classtype:trojan-activity;sid:84352793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489692/; classtype:trojan-activity;sid:84352792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.240.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489691/; classtype:trojan-activity;sid:84352791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.191.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489690/; classtype:trojan-activity;sid:84352790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.234.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489689/; classtype:trojan-activity;sid:84352789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.113.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489688/; classtype:trojan-activity;sid:84352788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.11.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489686/; classtype:trojan-activity;sid:84352786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.31.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489687/; classtype:trojan-activity;sid:84352787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.172.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489685/; classtype:trojan-activity;sid:84352785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.219.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489684/; classtype:trojan-activity;sid:84352784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489683/; classtype:trojan-activity;sid:84352783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489682/; classtype:trojan-activity;sid:84352782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489681/; classtype:trojan-activity;sid:84352781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489680/; classtype:trojan-activity;sid:84352780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.104.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489679/; classtype:trojan-activity;sid:84352779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.246.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489678/; classtype:trojan-activity;sid:84352778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.11.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489677/; classtype:trojan-activity;sid:84352777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489676/; classtype:trojan-activity;sid:84352776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.240.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489675/; classtype:trojan-activity;sid:84352775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.9.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489674/; classtype:trojan-activity;sid:84352774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.31.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489673/; classtype:trojan-activity;sid:84352773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.63.41.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489672/; classtype:trojan-activity;sid:84352772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.170.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489671/; classtype:trojan-activity;sid:84352771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.111"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489670/; classtype:trojan-activity;sid:84352770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.246.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489669/; classtype:trojan-activity;sid:84352769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489668/; classtype:trojan-activity;sid:84352768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489665/; classtype:trojan-activity;sid:84352765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.62.118.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489666/; classtype:trojan-activity;sid:84352766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489667/; classtype:trojan-activity;sid:84352767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489664/; classtype:trojan-activity;sid:84352764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.164.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489663/; classtype:trojan-activity;sid:84352763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.22.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489659/; classtype:trojan-activity;sid:84352759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489660/; classtype:trojan-activity;sid:84352760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.211.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489661/; classtype:trojan-activity;sid:84352761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489662/; classtype:trojan-activity;sid:84352762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.25.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489657/; classtype:trojan-activity;sid:84352757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.249.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489658/; classtype:trojan-activity;sid:84352758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.129.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489656/; classtype:trojan-activity;sid:84352756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489653/; classtype:trojan-activity;sid:84352753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489654/; classtype:trojan-activity;sid:84352754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.150.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489655/; classtype:trojan-activity;sid:84352755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.49.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489652/; classtype:trojan-activity;sid:84352752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.118.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489651/; classtype:trojan-activity;sid:84352751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.63.41.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489650/; classtype:trojan-activity;sid:84352750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.2.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489648/; classtype:trojan-activity;sid:84352748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489649/; classtype:trojan-activity;sid:84352749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.107.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489647/; classtype:trojan-activity;sid:84352747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489646/; classtype:trojan-activity;sid:84352746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489645/; classtype:trojan-activity;sid:84352745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489644/; classtype:trojan-activity;sid:84352744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.236.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489643/; classtype:trojan-activity;sid:84352743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.216.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489642/; classtype:trojan-activity;sid:84352742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.2.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489641/; classtype:trojan-activity;sid:84352741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489640/; classtype:trojan-activity;sid:84352740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.32.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489639/; classtype:trojan-activity;sid:84352739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.211.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489637/; classtype:trojan-activity;sid:84352737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489638/; classtype:trojan-activity;sid:84352738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489636/; classtype:trojan-activity;sid:84352736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489635/; classtype:trojan-activity;sid:84352735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.38.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489634/; classtype:trojan-activity;sid:84352734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489633/; classtype:trojan-activity;sid:84352733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.236.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489632/; classtype:trojan-activity;sid:84352732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.107.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489631/; classtype:trojan-activity;sid:84352731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.83.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489630/; classtype:trojan-activity;sid:84352730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.211.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489629/; classtype:trojan-activity;sid:84352729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.235.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489627/; classtype:trojan-activity;sid:84352727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489628/; classtype:trojan-activity;sid:84352728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.38.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489626/; classtype:trojan-activity;sid:84352726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.39.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489625/; classtype:trojan-activity;sid:84352725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489624/; classtype:trojan-activity;sid:84352724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.101.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489623/; classtype:trojan-activity;sid:84352723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.30.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489621/; classtype:trojan-activity;sid:84352721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489622/; classtype:trojan-activity;sid:84352722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.45.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489620/; classtype:trojan-activity;sid:84352720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.3.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489619/; classtype:trojan-activity;sid:84352719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.16.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489618/; classtype:trojan-activity;sid:84352718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489617/; classtype:trojan-activity;sid:84352717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.235.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489616/; classtype:trojan-activity;sid:84352716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.207.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489615/; classtype:trojan-activity;sid:84352715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.24.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489614/; classtype:trojan-activity;sid:84352714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489613)"; flow:established,from_client; content:"GET"; http_method; content:"/xw8wcpgkpl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.defrostbrilliant.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489613/; classtype:trojan-activity;sid:84352713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.101.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489612/; classtype:trojan-activity;sid:84352712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.39.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489611/; classtype:trojan-activity;sid:84352711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489610/; classtype:trojan-activity;sid:84352710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.171.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489609/; classtype:trojan-activity;sid:84352709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.30.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489608/; classtype:trojan-activity;sid:84352708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489607)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489607/; classtype:trojan-activity;sid:84352707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489606)"; flow:established,from_client; content:"GET"; http_method; content:"/bins"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489606/; classtype:trojan-activity;sid:84352706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489605/; classtype:trojan-activity;sid:84352705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489604/; classtype:trojan-activity;sid:84352704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.122.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489603/; classtype:trojan-activity;sid:84352703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489602)"; flow:established,from_client; content:"GET"; http_method; content:"/7yhtew/payload/remote/general.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"noexploit.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489602/; classtype:trojan-activity;sid:84352702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.35.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489601/; classtype:trojan-activity;sid:84352701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.122.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489600/; classtype:trojan-activity;sid:84352700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489599/; classtype:trojan-activity;sid:84352699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489598/; classtype:trojan-activity;sid:84352698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489597/; classtype:trojan-activity;sid:84352697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.74.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489596/; classtype:trojan-activity;sid:84352696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489595/; classtype:trojan-activity;sid:84352695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489594/; classtype:trojan-activity;sid:84352694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.48.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489592/; classtype:trojan-activity;sid:84352692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489593/; classtype:trojan-activity;sid:84352693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489591/; classtype:trojan-activity;sid:84352691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.210.101.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489590/; classtype:trojan-activity;sid:84352690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.254.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489589/; classtype:trojan-activity;sid:84352689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489588/; classtype:trojan-activity;sid:84352688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.165.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489587/; classtype:trojan-activity;sid:84352687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.180.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489585/; classtype:trojan-activity;sid:84352685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489586/; classtype:trojan-activity;sid:84352686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.214.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489584/; classtype:trojan-activity;sid:84352684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489583)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"phpmyadmin.artisticglassstudio.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489583/; classtype:trojan-activity;sid:84352683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.63.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489582/; classtype:trojan-activity;sid:84352682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.74.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489581/; classtype:trojan-activity;sid:84352681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489580/; classtype:trojan-activity;sid:84352680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.160.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489579/; classtype:trojan-activity;sid:84352679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.192.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489578/; classtype:trojan-activity;sid:84352678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.63.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489577/; classtype:trojan-activity;sid:84352677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489576/; classtype:trojan-activity;sid:84352676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489575/; classtype:trojan-activity;sid:84352675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.7.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489574/; classtype:trojan-activity;sid:84352674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.38.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489573/; classtype:trojan-activity;sid:84352673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489572/; classtype:trojan-activity;sid:84352672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.63.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489570/; classtype:trojan-activity;sid:84352670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489571/; classtype:trojan-activity;sid:84352671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.90.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489569/; classtype:trojan-activity;sid:84352669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.180.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489568/; classtype:trojan-activity;sid:84352668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.3.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489567/; classtype:trojan-activity;sid:84352667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.192.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489566/; classtype:trojan-activity;sid:84352666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.38.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489565/; classtype:trojan-activity;sid:84352665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489564/; classtype:trojan-activity;sid:84352664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.7.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489563/; classtype:trojan-activity;sid:84352663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.233.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489562/; classtype:trojan-activity;sid:84352662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489561/; classtype:trojan-activity;sid:84352661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.62.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489560/; classtype:trojan-activity;sid:84352660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.180.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489559/; classtype:trojan-activity;sid:84352659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.63.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489558/; classtype:trojan-activity;sid:84352658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.182.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489557/; classtype:trojan-activity;sid:84352657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489556)"; flow:established,from_client; content:"GET"; http_method; content:"/convertedfile.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489556/; classtype:trojan-activity;sid:84352656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.226.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489555/; classtype:trojan-activity;sid:84352655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489554/; classtype:trojan-activity;sid:84352654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.221.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489553/; classtype:trojan-activity;sid:84352653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.182.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489552/; classtype:trojan-activity;sid:84352652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.9.3.200"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489551/; classtype:trojan-activity;sid:84352651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.59.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489550/; classtype:trojan-activity;sid:84352650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489549/; classtype:trojan-activity;sid:84352649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489548)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/4thepool_miner.sh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"46.8.226.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489548/; classtype:trojan-activity;sid:84352648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489547)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489547/; classtype:trojan-activity;sid:84352647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.120.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489546/; classtype:trojan-activity;sid:84352646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.178.36.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489545/; classtype:trojan-activity;sid:84352645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.19.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489544/; classtype:trojan-activity;sid:84352644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.142.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489543/; classtype:trojan-activity;sid:84352643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489542)"; flow:established,from_client; content:"GET"; http_method; content:"/gabo061105/roblox-wave/releases/download/3.2.4/release.3.2.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489542/; classtype:trojan-activity;sid:84352642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.142.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489541/; classtype:trojan-activity;sid:84352641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.105.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489540/; classtype:trojan-activity;sid:84352640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.120.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489539/; classtype:trojan-activity;sid:84352639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489538)"; flow:established,from_client; content:"GET"; http_method; content:"/pushkar-raj-141/api/refs/heads/master/like.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489538/; classtype:trojan-activity;sid:84352638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.11.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489537/; classtype:trojan-activity;sid:84352637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489536)"; flow:established,from_client; content:"GET"; http_method; content:"/12032025/p4zyifb936qhnh0rjzlj.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"144.91.92.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489536/; classtype:trojan-activity;sid:84352636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.178.36.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489535/; classtype:trojan-activity;sid:84352635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489534/; classtype:trojan-activity;sid:84352634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489533)"; flow:established,from_client; content:"GET"; http_method; content:"/snak/po202503be.bat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"special-create-studio.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489533/; classtype:trojan-activity;sid:84352633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489532)"; flow:established,from_client; content:"GET"; http_method; content:"/ave19930hv7/1ah-arsenalh/releases/download/kmleg9s4at/dmg93k5b1q.rar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489532/; classtype:trojan-activity;sid:84352632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.85.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489531/; classtype:trojan-activity;sid:84352631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489529/; classtype:trojan-activity;sid:84352629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489530/; classtype:trojan-activity;sid:84352630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489528/; classtype:trojan-activity;sid:84352628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489527/; classtype:trojan-activity;sid:84352627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489526/; classtype:trojan-activity;sid:84352626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489525/; classtype:trojan-activity;sid:84352625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489524/; classtype:trojan-activity;sid:84352624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489523/; classtype:trojan-activity;sid:84352623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.24.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489519/; classtype:trojan-activity;sid:84352619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489520/; classtype:trojan-activity;sid:84352620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.65.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489521/; classtype:trojan-activity;sid:84352621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.218.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489522/; classtype:trojan-activity;sid:84352622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.96.228.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489517/; classtype:trojan-activity;sid:84352617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.69.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489518/; classtype:trojan-activity;sid:84352618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489515/; classtype:trojan-activity;sid:84352615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489516/; classtype:trojan-activity;sid:84352616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.253.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489514/; classtype:trojan-activity;sid:84352614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489513)"; flow:established,from_client; content:"GET"; http_method; content:"/nop"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489513/; classtype:trojan-activity;sid:84352613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489512)"; flow:established,from_client; content:"GET"; http_method; content:"/tvt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.205.128.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489512/; classtype:trojan-activity;sid:84352612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489510)"; flow:established,from_client; content:"GET"; http_method; content:"/theus12324/roblox-appleware/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489510/; classtype:trojan-activity;sid:84352610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489511)"; flow:established,from_client; content:"GET"; http_method; content:"/jaccck15/spoofer-hwid-game/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489511/; classtype:trojan-activity;sid:84352611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489504)"; flow:established,from_client; content:"GET"; http_method; content:"/hajesystem/react-recoil/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489504/; classtype:trojan-activity;sid:84352604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489505)"; flow:established,from_client; content:"GET"; http_method; content:"/azoresn/roblox-nihon/releases/download/v1.0/executor.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489505/; classtype:trojan-activity;sid:84352605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489506)"; flow:established,from_client; content:"GET"; http_method; content:"/28larsosamj/krnl-executor/releases/download/v1.0/executor.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489506/; classtype:trojan-activity;sid:84352606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489507)"; flow:established,from_client; content:"GET"; http_method; content:"/jjgamerz123/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489507/; classtype:trojan-activity;sid:84352607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489503)"; flow:established,from_client; content:"GET"; http_method; content:"/hajesystem/react-query/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489503/; classtype:trojan-activity;sid:84352603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.202.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489500/; classtype:trojan-activity;sid:84352600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.42.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489499/; classtype:trojan-activity;sid:84352599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.183.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489498/; classtype:trojan-activity;sid:84352598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489496)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489496/; classtype:trojan-activity;sid:84352596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489497)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489497/; classtype:trojan-activity;sid:84352597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489490)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489490/; classtype:trojan-activity;sid:84352590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489491)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489491/; classtype:trojan-activity;sid:84352591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489492)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489492/; classtype:trojan-activity;sid:84352592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489493)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489493/; classtype:trojan-activity;sid:84352593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489494)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489494/; classtype:trojan-activity;sid:84352594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489495)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489495/; classtype:trojan-activity;sid:84352595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489486)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489486/; classtype:trojan-activity;sid:84352586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.224.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489487/; classtype:trojan-activity;sid:84352587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.59.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489488/; classtype:trojan-activity;sid:84352588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489489/; classtype:trojan-activity;sid:84352589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489485)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489485/; classtype:trojan-activity;sid:84352585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489483)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489483/; classtype:trojan-activity;sid:84352583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489484)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489484/; classtype:trojan-activity;sid:84352584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.199.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489482/; classtype:trojan-activity;sid:84352582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489475)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/commerce_data_analysis_and_recommendations/releases/download/v2.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489475/; classtype:trojan-activity;sid:84352575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489477)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/commerce_data_analysis_and_recommendations/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489477/; classtype:trojan-activity;sid:84352577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489470/; classtype:trojan-activity;sid:84352570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.202.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489469/; classtype:trojan-activity;sid:84352569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.42.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489468/; classtype:trojan-activity;sid:84352568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489466)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489466/; classtype:trojan-activity;sid:84352566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489467)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489467/; classtype:trojan-activity;sid:84352567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489465)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/bounceoff/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489465/; classtype:trojan-activity;sid:84352565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489455)"; flow:established,from_client; content:"GET"; http_method; content:"/pritamdash143/art-expo/releases/download/v1.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489455/; classtype:trojan-activity;sid:84352555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489456)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489456/; classtype:trojan-activity;sid:84352556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489457)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489457/; classtype:trojan-activity;sid:84352557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489458)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-1/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489458/; classtype:trojan-activity;sid:84352558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489459)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489459/; classtype:trojan-activity;sid:84352559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489460)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489460/; classtype:trojan-activity;sid:84352560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489461)"; flow:established,from_client; content:"GET"; http_method; content:"/aliasghar100/milestone-assigment-2/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489461/; classtype:trojan-activity;sid:84352561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489462)"; flow:established,from_client; content:"GET"; http_method; content:"/serapunk/roblox-login.github.io/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489462/; classtype:trojan-activity;sid:84352562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489463)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/pi_analisis_de_criptomonedas/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489463/; classtype:trojan-activity;sid:84352563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489464)"; flow:established,from_client; content:"GET"; http_method; content:"/justakidthatcode/deez-guess/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489464/; classtype:trojan-activity;sid:84352564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489454)"; flow:established,from_client; content:"GET"; http_method; content:"/numbremix8990/mrx/releases/download/v1.0.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489454/; classtype:trojan-activity;sid:84352554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489451)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/pythonproject3src/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489451/; classtype:trojan-activity;sid:84352551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489452)"; flow:established,from_client; content:"GET"; http_method; content:"/kelsey950/collition-algorithm/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489452/; classtype:trojan-activity;sid:84352552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489453)"; flow:established,from_client; content:"GET"; http_method; content:"/numbremix8990/mrx/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489453/; classtype:trojan-activity;sid:84352553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.253.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489450/; classtype:trojan-activity;sid:84352550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.78.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489449/; classtype:trojan-activity;sid:84352549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489448/; classtype:trojan-activity;sid:84352548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.183.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489447/; classtype:trojan-activity;sid:84352547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.125.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489446/; classtype:trojan-activity;sid:84352546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489441)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-md/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489441/; classtype:trojan-activity;sid:84352541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489442)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/haruka-bot/releases/download/v1.0/release_x64.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489442/; classtype:trojan-activity;sid:84352542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489443)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/atlasmdnew/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489443/; classtype:trojan-activity;sid:84352543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489444)"; flow:established,from_client; content:"GET"; http_method; content:"/rain12gamer/pixelgun/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489444/; classtype:trojan-activity;sid:84352544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489445)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-md/releases/download/v1.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489445/; classtype:trojan-activity;sid:84352545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489427)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/haruka-bot/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489427/; classtype:trojan-activity;sid:84352527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489428)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v2.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489428/; classtype:trojan-activity;sid:84352528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489429)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/atlas/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489429/; classtype:trojan-activity;sid:84352529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489430)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/atlas/releases/download/v1.0/release_x64.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489430/; classtype:trojan-activity;sid:84352530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489431)"; flow:established,from_client; content:"GET"; http_method; content:"/itsamari/clearvision_v6-theme-vencord-/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489431/; classtype:trojan-activity;sid:84352531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489432)"; flow:established,from_client; content:"GET"; http_method; content:"/itsamari/clearvision_v6-theme-vencord-/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489432/; classtype:trojan-activity;sid:84352532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489433)"; flow:established,from_client; content:"GET"; http_method; content:"/itsamari/bloodcity1.0-vencord-theme/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489433/; classtype:trojan-activity;sid:84352533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489434)"; flow:established,from_client; content:"GET"; http_method; content:"/rain12gamer/pixelgun/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489434/; classtype:trojan-activity;sid:84352534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489435)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/atlasmdnew/releases/download/v1.0/release_x64.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489435/; classtype:trojan-activity;sid:84352535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489436)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/nodejs/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489436/; classtype:trojan-activity;sid:84352536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489437)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ovgsonss"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489437/; classtype:trojan-activity;sid:84352537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489438)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/atlasmd/releases/download/v1.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489438/; classtype:trojan-activity;sid:84352538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489439)"; flow:established,from_client; content:"GET"; http_method; content:"/rain12gamer/pixelgun/releases/download/v1.0/cheat.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489439/; classtype:trojan-activity;sid:84352539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489440)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/leanx/releases/download/v1.0/application.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489440/; classtype:trojan-activity;sid:84352540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489425)"; flow:established,from_client; content:"GET"; http_method; content:"/itsamari/bloodcity1.0-vencord-theme/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489425/; classtype:trojan-activity;sid:84352525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489426)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/atlasmd/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489426/; classtype:trojan-activity;sid:84352526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.245.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489424/; classtype:trojan-activity;sid:84352524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489422/; classtype:trojan-activity;sid:84352522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489423/; classtype:trojan-activity;sid:84352523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489421/; classtype:trojan-activity;sid:84352521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489419)"; flow:established,from_client; content:"GET"; http_method; content:"/sb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.85.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489419/; classtype:trojan-activity;sid:84352519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.78.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489420/; classtype:trojan-activity;sid:84352520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489418)"; flow:established,from_client; content:"GET"; http_method; content:"/sl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.85.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489418/; classtype:trojan-activity;sid:84352518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489416/; classtype:trojan-activity;sid:84352516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.156.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489417/; classtype:trojan-activity;sid:84352517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489415/; classtype:trojan-activity;sid:84352515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489414/; classtype:trojan-activity;sid:84352514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489410)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-v1/releases/download/v1.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489410/; classtype:trojan-activity;sid:84352510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489411)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489411/; classtype:trojan-activity;sid:84352511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489412)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-mdv2-1444-/releases/download/v1.0/release_x64.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489412/; classtype:trojan-activity;sid:84352512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489413)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-mdv2/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489413/; classtype:trojan-activity;sid:84352513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489407)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/gerenciamento-de-eventos3/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489407/; classtype:trojan-activity;sid:84352507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489408)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-v1/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489408/; classtype:trojan-activity;sid:84352508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489409)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-mdv2/releases/download/v1.0/release_x64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489409/; classtype:trojan-activity;sid:84352509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489403)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-mdv2-aldbtz/releases/download/v1.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489403/; classtype:trojan-activity;sid:84352503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489404)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/aplikasi-bullying/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489404/; classtype:trojan-activity;sid:84352504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489405)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-rsta/releases/download/v1.0/release_x64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489405/; classtype:trojan-activity;sid:84352505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489406)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-mdv2-aldbtz/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489406/; classtype:trojan-activity;sid:84352506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489401)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/yusupbot/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489401/; classtype:trojan-activity;sid:84352501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489402)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-md-upversion/releases/download/v1.0/release_x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489402/; classtype:trojan-activity;sid:84352502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489397)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-mdv2-1444-/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489397/; classtype:trojan-activity;sid:84352497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489398)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-rsta/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489398/; classtype:trojan-activity;sid:84352498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489399)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/yusupbot1/releases/download/v1.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489399/; classtype:trojan-activity;sid:84352499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489400)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/yusupbot/releases/download/v1.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489400/; classtype:trojan-activity;sid:84352500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489396)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/kenibotz-md-upversion/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489396/; classtype:trojan-activity;sid:84352496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.202.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489395/; classtype:trojan-activity;sid:84352495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.101.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489394/; classtype:trojan-activity;sid:84352494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489369)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489369/; classtype:trojan-activity;sid:84352469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489370)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489370/; classtype:trojan-activity;sid:84352470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489371)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/perpustakaan/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489371/; classtype:trojan-activity;sid:84352471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489372)"; flow:established,from_client; content:"GET"; http_method; content:"/alex12185656556565556/alexmcdonald.github.io/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489372/; classtype:trojan-activity;sid:84352472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489373)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489373/; classtype:trojan-activity;sid:84352473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489374)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/sistem-informasi-pengumuman/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489374/; classtype:trojan-activity;sid:84352474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489375)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489375/; classtype:trojan-activity;sid:84352475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489376)"; flow:established,from_client; content:"GET"; http_method; content:"/nepthsy/kpop-stack/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489376/; classtype:trojan-activity;sid:84352476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489377)"; flow:established,from_client; content:"GET"; http_method; content:"/byjereext/byjere-bot-md/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489377/; classtype:trojan-activity;sid:84352477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489378)"; flow:established,from_client; content:"GET"; http_method; content:"/byjereext/fantasma-bot-md/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489378/; classtype:trojan-activity;sid:84352478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489379)"; flow:established,from_client; content:"GET"; http_method; content:"/alex12185656556565556/alex12185656556565556.github.io/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489379/; classtype:trojan-activity;sid:84352479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489380)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489380/; classtype:trojan-activity;sid:84352480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.93.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489381/; classtype:trojan-activity;sid:84352481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489382)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/yat-website/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489382/; classtype:trojan-activity;sid:84352482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489383)"; flow:established,from_client; content:"GET"; http_method; content:"/dcfam747/dcfam747.github.io/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489383/; classtype:trojan-activity;sid:84352483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489384)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/catatan-perjalanan/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489384/; classtype:trojan-activity;sid:84352484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489385)"; flow:established,from_client; content:"GET"; http_method; content:"/thomas636b/skills-introduction-to-github/releases/download/v1.0/release.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489385/; classtype:trojan-activity;sid:84352485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489386)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489386/; classtype:trojan-activity;sid:84352486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489387)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/kalkulator/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489387/; classtype:trojan-activity;sid:84352487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489388)"; flow:established,from_client; content:"GET"; http_method; content:"/parultripathids/nlp-tasks/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489388/; classtype:trojan-activity;sid:84352488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489389)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/wisata/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489389/; classtype:trojan-activity;sid:84352489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489390)"; flow:established,from_client; content:"GET"; http_method; content:"/alex12185656556565556/alex12185656556565556.github.io/releases/download/v1.0/application.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489390/; classtype:trojan-activity;sid:84352490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489391)"; flow:established,from_client; content:"GET"; http_method; content:"/byjereext/fantasma-bot-md/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489391/; classtype:trojan-activity;sid:84352491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489392)"; flow:established,from_client; content:"GET"; http_method; content:"/parultripathids/nlp-tasks/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489392/; classtype:trojan-activity;sid:84352492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489393)"; flow:established,from_client; content:"GET"; http_method; content:"/byjereext/byjere-bot-md/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489393/; classtype:trojan-activity;sid:84352493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489365)"; flow:established,from_client; content:"GET"; http_method; content:"/nepthsy/kpop-stack/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489365/; classtype:trojan-activity;sid:84352465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489366)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/e-office/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489366/; classtype:trojan-activity;sid:84352466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489367)"; flow:established,from_client; content:"GET"; http_method; content:"/dnangel298/dnangel298/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489367/; classtype:trojan-activity;sid:84352467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489368)"; flow:established,from_client; content:"GET"; http_method; content:"/jenargithub76/botwa/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489368/; classtype:trojan-activity;sid:84352468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489364)"; flow:established,from_client; content:"GET"; http_method; content:"/alex12185656556565556/alexmcdonald.github.io/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489364/; classtype:trojan-activity;sid:84352464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489361)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/gudang/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489361/; classtype:trojan-activity;sid:84352461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489359)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/perbandingan-harga-rumah-sakit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489359/; classtype:trojan-activity;sid:84352459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489360)"; flow:established,from_client; content:"GET"; http_method; content:"/jenargithub76/botwa/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489360/; classtype:trojan-activity;sid:84352460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.154.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489358/; classtype:trojan-activity;sid:84352458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489357/; classtype:trojan-activity;sid:84352457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489356)"; flow:established,from_client; content:"GET"; http_method; content:"/sp/doc.00929902.pdf.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"climate-larger-winner-ash.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489356/; classtype:trojan-activity;sid:84352456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489355)"; flow:established,from_client; content:"GET"; http_method; content:"/de/bestellung%20nr.%20130-25105297.pdf.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"climate-larger-winner-ash.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489355/; classtype:trojan-activity;sid:84352455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489354)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"climate-larger-winner-ash.trycloudflare.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489354/; classtype:trojan-activity;sid:84352454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.156.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489353/; classtype:trojan-activity;sid:84352453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489352)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489352/; classtype:trojan-activity;sid:84352452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489348/; classtype:trojan-activity;sid:84352448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489349)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489349/; classtype:trojan-activity;sid:84352449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489350/; classtype:trojan-activity;sid:84352450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489351)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489351/; classtype:trojan-activity;sid:84352451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489344/; classtype:trojan-activity;sid:84352444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489345/; classtype:trojan-activity;sid:84352445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489346/; classtype:trojan-activity;sid:84352446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489347/; classtype:trojan-activity;sid:84352447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489342/; classtype:trojan-activity;sid:84352442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g4za.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489343/; classtype:trojan-activity;sid:84352443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489341/; classtype:trojan-activity;sid:84352441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489334)"; flow:established,from_client; content:"GET"; http_method; content:"/hajesystem/arceus-executor/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489334/; classtype:trojan-activity;sid:84352434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489335)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/akashnilrecovered/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489335/; classtype:trojan-activity;sid:84352435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489336)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489336/; classtype:trojan-activity;sid:84352436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489337)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/image-map.css/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489337/; classtype:trojan-activity;sid:84352437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489338)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/akashnilrecovered/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489338/; classtype:trojan-activity;sid:84352438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489339)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-database/front-end/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489339/; classtype:trojan-activity;sid:84352439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489332)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/image-map.css/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489332/; classtype:trojan-activity;sid:84352432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489330)"; flow:established,from_client; content:"GET"; http_method; content:"/tountolover/tountolover/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489330/; classtype:trojan-activity;sid:84352430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.44.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489329/; classtype:trojan-activity;sid:84352429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489328)"; flow:established,from_client; content:"GET"; http_method; content:"/tr.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vy.cequjp2.sa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489328/; classtype:trojan-activity;sid:84352428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.93.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489327/; classtype:trojan-activity;sid:84352427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489326)"; flow:established,from_client; content:"GET"; http_method; content:"/tu.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vy.cequjp2.sa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489326/; classtype:trojan-activity;sid:84352426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489325/; classtype:trojan-activity;sid:84352425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489324/; classtype:trojan-activity;sid:84352424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489323)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.84.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489323/; classtype:trojan-activity;sid:84352423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489322)"; flow:established,from_client; content:"GET"; http_method; content:"/download/itsm_apni64yn_installer.run"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"evphoto-msp.itsm-us1.comodo.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489322/; classtype:trojan-activity;sid:84352422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.162.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489321/; classtype:trojan-activity;sid:84352421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489309)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/portfolio.html/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489309/; classtype:trojan-activity;sid:84352409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489311)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/list.html/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489311/; classtype:trojan-activity;sid:84352411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489312)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/portfolio.html/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489312/; classtype:trojan-activity;sid:84352412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489316)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/imagegrid.html/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489316/; classtype:trojan-activity;sid:84352416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489318)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/intro1.html/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489318/; classtype:trojan-activity;sid:84352418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489319)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/table2.html/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489319/; classtype:trojan-activity;sid:84352419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489306)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/1/file1.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"138.124.55.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489306/; classtype:trojan-activity;sid:84352406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489301)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/imagegrid.html/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489301/; classtype:trojan-activity;sid:84352401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489302)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/intro1.html/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489302/; classtype:trojan-activity;sid:84352402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489304)"; flow:established,from_client; content:"GET"; http_method; content:"/loader/34/file.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"138.124.55.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489304/; classtype:trojan-activity;sid:84352404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489305)"; flow:established,from_client; content:"GET"; http_method; content:"/rohitandey/list.html/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489305/; classtype:trojan-activity;sid:84352405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.240.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489299/; classtype:trojan-activity;sid:84352399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489298/; classtype:trojan-activity;sid:84352398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489297)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/afledede33.lpk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upandover.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489297/; classtype:trojan-activity;sid:84352397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.72.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489296/; classtype:trojan-activity;sid:84352396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.44.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489295/; classtype:trojan-activity;sid:84352395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489293)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/users/vndrytlomfhqtdwmyb247.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"ankaglobal.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489293/; classtype:trojan-activity;sid:84352393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489294)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/users/resorberbar.ocx"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ankaglobal.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489294/; classtype:trojan-activity;sid:84352394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.162.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489292/; classtype:trojan-activity;sid:84352392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489291/; classtype:trojan-activity;sid:84352391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.151.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489290/; classtype:trojan-activity;sid:84352390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489272)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489272/; classtype:trojan-activity;sid:84352372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489273)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/portfolio_website-starter/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489273/; classtype:trojan-activity;sid:84352373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489276)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/taimoor-ahmmad/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489276/; classtype:trojan-activity;sid:84352376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489277)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/taimoor-ahmmad/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489277/; classtype:trojan-activity;sid:84352377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489278)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/portfolio_website-starter/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489278/; classtype:trojan-activity;sid:84352378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489279)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/gemini-clone/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489279/; classtype:trojan-activity;sid:84352379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489281)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/gemini-clone/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489281/; classtype:trojan-activity;sid:84352381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489282)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/react-and-tailwind-css/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489282/; classtype:trojan-activity;sid:84352382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489283)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/fyp_screens/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489283/; classtype:trojan-activity;sid:84352383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489284)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/l.github.io/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489284/; classtype:trojan-activity;sid:84352384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489285)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/fyp_math_genie/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489285/; classtype:trojan-activity;sid:84352385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.12.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489286/; classtype:trojan-activity;sid:84352386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489287)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/react-and-tailwind-css/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489287/; classtype:trojan-activity;sid:84352387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489289)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/fyp_screens/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489289/; classtype:trojan-activity;sid:84352389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489271)"; flow:established,from_client; content:"GET"; http_method; content:"/taimoor-ahmmad/fyp_math_genie/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489271/; classtype:trojan-activity;sid:84352371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.180.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489270/; classtype:trojan-activity;sid:84352370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.62.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489269/; classtype:trojan-activity;sid:84352369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489268)"; flow:established,from_client; content:"GET"; http_method; content:"/cb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.85.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489268/; classtype:trojan-activity;sid:84352368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489267)"; flow:established,from_client; content:"GET"; http_method; content:"/cl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.85.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489267/; classtype:trojan-activity;sid:84352367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489244)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/confidencemedia.com/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489244/; classtype:trojan-activity;sid:84352344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489245)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489245/; classtype:trojan-activity;sid:84352345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489246)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489246/; classtype:trojan-activity;sid:84352346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489249)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/domu/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489249/; classtype:trojan-activity;sid:84352349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489250)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489250/; classtype:trojan-activity;sid:84352350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489254)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489254/; classtype:trojan-activity;sid:84352354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489257)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489257/; classtype:trojan-activity;sid:84352357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489258)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489258/; classtype:trojan-activity;sid:84352358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489259)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/project-ukk/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489259/; classtype:trojan-activity;sid:84352359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489262)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/final/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489262/; classtype:trojan-activity;sid:84352362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489230)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489230/; classtype:trojan-activity;sid:84352330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489233)"; flow:established,from_client; content:"GET"; http_method; content:"/adegate/muhammad-ade-gati-pangestu_2110010496_4g_pbo1/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489233/; classtype:trojan-activity;sid:84352333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489234)"; flow:established,from_client; content:"GET"; http_method; content:"/amineehhhhhhhtopg/grrrrr/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489234/; classtype:trojan-activity;sid:84352334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489235)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/mybot1/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489235/; classtype:trojan-activity;sid:84352335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489236)"; flow:established,from_client; content:"GET"; http_method; content:"/maratct/main-profe/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489236/; classtype:trojan-activity;sid:84352336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489237)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/ranksshow/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489237/; classtype:trojan-activity;sid:84352337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489238)"; flow:established,from_client; content:"GET"; http_method; content:"/itzaffanpro561/affangraphics.github.io/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489238/; classtype:trojan-activity;sid:84352338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489239)"; flow:established,from_client; content:"GET"; http_method; content:"/leehanini/leehanini.github.io/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489239/; classtype:trojan-activity;sid:84352339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489241)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/proxy-service/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489241/; classtype:trojan-activity;sid:84352341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489229)"; flow:established,from_client; content:"GET"; http_method; content:"/adegate/muhammad-ade-gati-pangestu_2110010496_4g_pbo1/releases/download/v1.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489229/; classtype:trojan-activity;sid:84352329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.120.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489226/; classtype:trojan-activity;sid:84352326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.157.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489225/; classtype:trojan-activity;sid:84352325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.138.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489224/; classtype:trojan-activity;sid:84352324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.82.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489223/; classtype:trojan-activity;sid:84352323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.244.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489222/; classtype:trojan-activity;sid:84352322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489221/; classtype:trojan-activity;sid:84352321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489213)"; flow:established,from_client; content:"GET"; http_method; content:"/sriramapriyan/medicinal-plants-classification/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489213/; classtype:trojan-activity;sid:84352313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489216)"; flow:established,from_client; content:"GET"; http_method; content:"/anisn00/divided-rpg-game/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489216/; classtype:trojan-activity;sid:84352316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489217)"; flow:established,from_client; content:"GET"; http_method; content:"/anisn00/password-generator/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489217/; classtype:trojan-activity;sid:84352317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489220)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/land/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489220/; classtype:trojan-activity;sid:84352320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489206)"; flow:established,from_client; content:"GET"; http_method; content:"/essa1212/aku/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489206/; classtype:trojan-activity;sid:84352306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489208)"; flow:established,from_client; content:"GET"; http_method; content:"/ayadhyadatamining/deepdeployers_a2_mlops/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489208/; classtype:trojan-activity;sid:84352308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489209)"; flow:established,from_client; content:"GET"; http_method; content:"/roduz-dev/roduz-dev/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489209/; classtype:trojan-activity;sid:84352309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489210)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/90-days-dsa-challenges/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489210/; classtype:trojan-activity;sid:84352310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; content:"GET"; http_method; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489204)"; flow:established,from_client; content:"GET"; http_method; content:"/anisn00/anisn00/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489204/; classtype:trojan-activity;sid:84352304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489201)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/convertedfile.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489201/; classtype:trojan-activity;sid:84352301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.44.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489200/; classtype:trojan-activity;sid:84352300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.31.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489199/; classtype:trojan-activity;sid:84352299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489197)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/sv/new_image.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.168.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489197/; classtype:trojan-activity;sid:84352297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489198)"; flow:established,from_client; content:"GET"; http_method; content:"/4yrgtl8ze.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dpaste.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489198/; classtype:trojan-activity;sid:84352298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489196)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ayarn2be"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489196/; classtype:trojan-activity;sid:84352296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489195/; classtype:trojan-activity;sid:84352295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489194)"; flow:established,from_client; content:"GET"; http_method; content:"/web/ori.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489194/; classtype:trojan-activity;sid:84352294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489192)"; flow:established,from_client; content:"GET"; http_method; content:"/web/we.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489192/; classtype:trojan-activity;sid:84352292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489193)"; flow:established,from_client; content:"GET"; http_method; content:"/web/rem.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489193/; classtype:trojan-activity;sid:84352293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489190)"; flow:established,from_client; content:"GET"; http_method; content:"/web/wp.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489190/; classtype:trojan-activity;sid:84352290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.186.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489191/; classtype:trojan-activity;sid:84352291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489189)"; flow:established,from_client; content:"GET"; http_method; content:"/web/rem.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489189/; classtype:trojan-activity;sid:84352289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489188)"; flow:established,from_client; content:"GET"; http_method; content:"/web/wpc.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489188/; classtype:trojan-activity;sid:84352288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.97.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489185/; classtype:trojan-activity;sid:84352285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489186)"; flow:established,from_client; content:"GET"; http_method; content:"/web/hola.js"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489186/; classtype:trojan-activity;sid:84352286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489187)"; flow:established,from_client; content:"GET"; http_method; content:"/r/q8muga18/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489187/; classtype:trojan-activity;sid:84352287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489184)"; flow:established,from_client; content:"GET"; http_method; content:"/web/oc.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.245.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489184/; classtype:trojan-activity;sid:84352284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489183)"; flow:established,from_client; content:"GET"; http_method; content:"/tebhsnuivehyufwsrpgixzewadyj152.bin"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"nis.ycare.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489183/; classtype:trojan-activity;sid:84352283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489181)"; flow:established,from_client; content:"GET"; http_method; content:"/pladsbilletternes.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"nis.ycare.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489181/; classtype:trojan-activity;sid:84352281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489182)"; flow:established,from_client; content:"GET"; http_method; content:"/r/cwyzl7ku/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489182/; classtype:trojan-activity;sid:84352282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489180)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xzb3bwbx/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489180/; classtype:trojan-activity;sid:84352280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489177)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489177/; classtype:trojan-activity;sid:84352277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489178)"; flow:established,from_client; content:"GET"; http_method; content:"/djmuro4ever/personal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489178/; classtype:trojan-activity;sid:84352278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489179)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489179/; classtype:trojan-activity;sid:84352279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489176)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/99monisha/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489176/; classtype:trojan-activity;sid:84352276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489174)"; flow:established,from_client; content:"GET"; http_method; content:"/guibetancur/fakeapi/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489174/; classtype:trojan-activity;sid:84352274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489175)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/deploy-admin/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489175/; classtype:trojan-activity;sid:84352275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489166)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/manuxing/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489166/; classtype:trojan-activity;sid:84352266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489167)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/protfolio-design/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489167/; classtype:trojan-activity;sid:84352267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489168)"; flow:established,from_client; content:"GET"; http_method; content:"/neko-emon/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489168/; classtype:trojan-activity;sid:84352268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489169)"; flow:established,from_client; content:"GET"; http_method; content:"/ggjgjghggvc/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489169/; classtype:trojan-activity;sid:84352269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489170)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489170/; classtype:trojan-activity;sid:84352270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; content:"GET"; http_method; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489172)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/portfolio/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489172/; classtype:trojan-activity;sid:84352272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489164)"; flow:established,from_client; content:"GET"; http_method; content:"/evil-cyber65/prem-ig/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489164/; classtype:trojan-activity;sid:84352264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489165)"; flow:established,from_client; content:"GET"; http_method; content:"/hannah20190/fixing-error-d3dx9-43-dll/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489165/; classtype:trojan-activity;sid:84352265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489163)"; flow:established,from_client; content:"GET"; http_method; content:"/guibetancur/alura-flix-guibetancur/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489163/; classtype:trojan-activity;sid:84352263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.157.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489162/; classtype:trojan-activity;sid:84352262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.72.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489161/; classtype:trojan-activity;sid:84352261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.244.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489160/; classtype:trojan-activity;sid:84352260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489159/; classtype:trojan-activity;sid:84352259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.67.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489158/; classtype:trojan-activity;sid:84352258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489153)"; flow:established,from_client; content:"GET"; http_method; content:"/anas200321/kernel-memory-reading-writing/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489153/; classtype:trojan-activity;sid:84352253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489154)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489154/; classtype:trojan-activity;sid:84352254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489156)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489156/; classtype:trojan-activity;sid:84352256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489157)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489157/; classtype:trojan-activity;sid:84352257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489147)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489147/; classtype:trojan-activity;sid:84352247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489148)"; flow:established,from_client; content:"GET"; http_method; content:"/bryanlps/ai-data-scientist-scores-top-1-percent-on-kaggle/releases/download/v1.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489148/; classtype:trojan-activity;sid:84352248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489149)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489149/; classtype:trojan-activity;sid:84352249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489150)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489150/; classtype:trojan-activity;sid:84352250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489152)"; flow:established,from_client; content:"GET"; http_method; content:"/kennethxc33/bliss_browser_codeowners/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489152/; classtype:trojan-activity;sid:84352252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489146)"; flow:established,from_client; content:"GET"; http_method; content:"/jorgegael5/tos/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489146/; classtype:trojan-activity;sid:84352246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489143)"; flow:established,from_client; content:"GET"; http_method; content:"/luhxdante/blox-fruits-script/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489143/; classtype:trojan-activity;sid:84352243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489144)"; flow:established,from_client; content:"GET"; http_method; content:"/pedjagejmer/digital-resume-builder/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489144/; classtype:trojan-activity;sid:84352244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489145)"; flow:established,from_client; content:"GET"; http_method; content:"/lziemniak/aluraflix/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489145/; classtype:trojan-activity;sid:84352245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489142/; classtype:trojan-activity;sid:84352242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.47.84.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489141/; classtype:trojan-activity;sid:84352241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.223.217.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489140/; classtype:trojan-activity;sid:84352240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489123)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraspro/snake-fruit-game-asmr/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489123/; classtype:trojan-activity;sid:84352223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489124)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489124/; classtype:trojan-activity;sid:84352224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489125)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrobot0404/the-wild-oasis/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489125/; classtype:trojan-activity;sid:84352225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489126)"; flow:established,from_client; content:"GET"; http_method; content:"/guest0689/flutter-starter-app/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489126/; classtype:trojan-activity;sid:84352226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489130)"; flow:established,from_client; content:"GET"; http_method; content:"/pok121881/customer-management-with-oracel-apex/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489130/; classtype:trojan-activity;sid:84352230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489132)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489132/; classtype:trojan-activity;sid:84352232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489133)"; flow:established,from_client; content:"GET"; http_method; content:"/grahgrahboom/myportfolio/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489133/; classtype:trojan-activity;sid:84352233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489134)"; flow:established,from_client; content:"GET"; http_method; content:"/pok121881/customer-management-with-oracel-apex/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489134/; classtype:trojan-activity;sid:84352234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489136)"; flow:established,from_client; content:"GET"; http_method; content:"/sheesh7033/10-top-blockchain-project-ideas-for-beginners-and-students-/releases/download/v2.0/software.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489136/; classtype:trojan-activity;sid:84352236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489138)"; flow:established,from_client; content:"GET"; http_method; content:"/undenialable/grpc-sso-service/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489138/; classtype:trojan-activity;sid:84352238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489139)"; flow:established,from_client; content:"GET"; http_method; content:"/sheesh7033/10-top-blockchain-project-ideas-for-beginners-and-students-/releases/download/v1.0/software.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489139/; classtype:trojan-activity;sid:84352239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489115)"; flow:established,from_client; content:"GET"; http_method; content:"/brabaoeu/powershell_httpserver/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489115/; classtype:trojan-activity;sid:84352215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489116)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489116/; classtype:trojan-activity;sid:84352216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489117)"; flow:established,from_client; content:"GET"; http_method; content:"/speedwalker48700/snu_2d_programmingtools_ide_nwscript/releases/download/v2.0/software.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489117/; classtype:trojan-activity;sid:84352217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489119)"; flow:established,from_client; content:"GET"; http_method; content:"/tamiur2011/cors-proxy-server-employee-api/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489119/; classtype:trojan-activity;sid:84352219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489121)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489121/; classtype:trojan-activity;sid:84352221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489122)"; flow:established,from_client; content:"GET"; http_method; content:"/austinxsome/key-clicker/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489122/; classtype:trojan-activity;sid:84352222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489114)"; flow:established,from_client; content:"GET"; http_method; content:"/qja120812/exerc4-itau-unibanco/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489114/; classtype:trojan-activity;sid:84352214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.44.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489113/; classtype:trojan-activity;sid:84352213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489112/; classtype:trojan-activity;sid:84352212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489111/; classtype:trojan-activity;sid:84352211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.38.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489110/; classtype:trojan-activity;sid:84352210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489109/; classtype:trojan-activity;sid:84352209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489105)"; flow:established,from_client; content:"GET"; http_method; content:"/preakp90/python_wallpaper_crawler/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489105/; classtype:trojan-activity;sid:84352205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489106)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489106/; classtype:trojan-activity;sid:84352206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489107)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489107/; classtype:trojan-activity;sid:84352207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489108)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489108/; classtype:trojan-activity;sid:84352208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489098)"; flow:established,from_client; content:"GET"; http_method; content:"/juliocesarmara/emojico/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489098/; classtype:trojan-activity;sid:84352198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489099)"; flow:established,from_client; content:"GET"; http_method; content:"/pop144615/wmpignore/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489099/; classtype:trojan-activity;sid:84352199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489100)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489100/; classtype:trojan-activity;sid:84352200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489101)"; flow:established,from_client; content:"GET"; http_method; content:"/luis4325234/al-photoshop-2024/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489101/; classtype:trojan-activity;sid:84352201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489102)"; flow:established,from_client; content:"GET"; http_method; content:"/byjereext/v2makers/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489102/; classtype:trojan-activity;sid:84352202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489103)"; flow:established,from_client; content:"GET"; http_method; content:"/byjereext/v2makers/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489103/; classtype:trojan-activity;sid:84352203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489104)"; flow:established,from_client; content:"GET"; http_method; content:"/samudark4068/test-interface/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489104/; classtype:trojan-activity;sid:84352204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489097)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489097/; classtype:trojan-activity;sid:84352197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489096)"; flow:established,from_client; content:"GET"; http_method; content:"/davison30fps/defai-protocol/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489096/; classtype:trojan-activity;sid:84352196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489093)"; flow:established,from_client; content:"GET"; http_method; content:"/davison30fps/defai-protocol/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489093/; classtype:trojan-activity;sid:84352193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489094)"; flow:established,from_client; content:"GET"; http_method; content:"/daar12-web/testdmode/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489094/; classtype:trojan-activity;sid:84352194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489095)"; flow:established,from_client; content:"GET"; http_method; content:"/probe895/prodigy_wd_01/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489095/; classtype:trojan-activity;sid:84352195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.62.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489092/; classtype:trojan-activity;sid:84352192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.67.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489091/; classtype:trojan-activity;sid:84352191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489089)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489089/; classtype:trojan-activity;sid:84352189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489077)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489077/; classtype:trojan-activity;sid:84352177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489078)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489078/; classtype:trojan-activity;sid:84352178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489079)"; flow:established,from_client; content:"GET"; http_method; content:"/kws10010/massage-girls/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489079/; classtype:trojan-activity;sid:84352179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489080)"; flow:established,from_client; content:"GET"; http_method; content:"/tiago1237/react-cooking-ninja/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489080/; classtype:trojan-activity;sid:84352180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489081)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489081/; classtype:trojan-activity;sid:84352181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489082)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489082/; classtype:trojan-activity;sid:84352182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489084)"; flow:established,from_client; content:"GET"; http_method; content:"/kws10010/massage-girls/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489084/; classtype:trojan-activity;sid:84352184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489085)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489085/; classtype:trojan-activity;sid:84352185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489086)"; flow:established,from_client; content:"GET"; http_method; content:"/irineubelutti/pro-portfolio-website/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489086/; classtype:trojan-activity;sid:84352186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489087)"; flow:established,from_client; content:"GET"; http_method; content:"/gu446325/bliss_browser_odin/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489087/; classtype:trojan-activity;sid:84352187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489073)"; flow:established,from_client; content:"GET"; http_method; content:"/1erne/blue-potato-nvidia/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489073/; classtype:trojan-activity;sid:84352173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489074)"; flow:established,from_client; content:"GET"; http_method; content:"/jimjam112/linktree-template/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489074/; classtype:trojan-activity;sid:84352174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489075)"; flow:established,from_client; content:"GET"; http_method; content:"/salvix317/bliss_browser_mirah/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489075/; classtype:trojan-activity;sid:84352175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489076)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeydluffy6956/fixedprojects/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489076/; classtype:trojan-activity;sid:84352176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.47.84.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489072/; classtype:trojan-activity;sid:84352172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.223.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489070/; classtype:trojan-activity;sid:84352170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.229.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489071/; classtype:trojan-activity;sid:84352171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.94.193.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489069/; classtype:trojan-activity;sid:84352169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.15.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489068/; classtype:trojan-activity;sid:84352168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.202.183.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489067/; classtype:trojan-activity;sid:84352167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489065/; classtype:trojan-activity;sid:84352165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.169.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489066/; classtype:trojan-activity;sid:84352166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489064)"; flow:established,from_client; content:"GET"; http_method; content:"/gaurav-08-patel/alien-crypter-crack-source-code-net-native/releases/download/v2.0/software.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489064/; classtype:trojan-activity;sid:84352164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489062)"; flow:established,from_client; content:"GET"; http_method; content:"/syardha/locked-in/releases/download/v1.0/program.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489062/; classtype:trojan-activity;sid:84352162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489055)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489055/; classtype:trojan-activity;sid:84352155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489056)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489056/; classtype:trojan-activity;sid:84352156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489057)"; flow:established,from_client; content:"GET"; http_method; content:"/danknut/novaos/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489057/; classtype:trojan-activity;sid:84352157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489058)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489058/; classtype:trojan-activity;sid:84352158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489059)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489059/; classtype:trojan-activity;sid:84352159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489060)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489060/; classtype:trojan-activity;sid:84352160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489061)"; flow:established,from_client; content:"GET"; http_method; content:"/carlosprogramador991/baitroute/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489061/; classtype:trojan-activity;sid:84352161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489051)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v1.0/program.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489051/; classtype:trojan-activity;sid:84352151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489052)"; flow:established,from_client; content:"GET"; http_method; content:"/lol123123456/flowdown-beta/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489052/; classtype:trojan-activity;sid:84352152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489053)"; flow:established,from_client; content:"GET"; http_method; content:"/gaurav-08-patel/alien-crypter-crack-source-code-net-native/releases/download/v1.0/application.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489053/; classtype:trojan-activity;sid:84352153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489050)"; flow:established,from_client; content:"GET"; http_method; content:"/joshuagamayutin/bytesized.webring/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489050/; classtype:trojan-activity;sid:84352150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489048)"; flow:established,from_client; content:"GET"; http_method; content:"/syardha/locked-in/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489048/; classtype:trojan-activity;sid:84352148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489046)"; flow:established,from_client; content:"GET"; http_method; content:"/brahiim05/indian_migrating_students_analysis/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489046/; classtype:trojan-activity;sid:84352146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489045)"; flow:established,from_client; content:"GET"; http_method; content:"/danknut/novaos/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489045/; classtype:trojan-activity;sid:84352145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489044)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrinzx32/image-to-video-api/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489044/; classtype:trojan-activity;sid:84352144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489042)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v1.0/program.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489042/; classtype:trojan-activity;sid:84352142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489043)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489043/; classtype:trojan-activity;sid:84352143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489041)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489041/; classtype:trojan-activity;sid:84352141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489030)"; flow:established,from_client; content:"GET"; http_method; content:"/scriptmak/laravel-react-ecommerce/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489030/; classtype:trojan-activity;sid:84352130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489031)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489031/; classtype:trojan-activity;sid:84352131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489033)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrinzx32/image-to-video-api/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489033/; classtype:trojan-activity;sid:84352133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489034)"; flow:established,from_client; content:"GET"; http_method; content:"/anthony166-cmyk/codify/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489034/; classtype:trojan-activity;sid:84352134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489036)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v1.0/application.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489036/; classtype:trojan-activity;sid:84352136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489037)"; flow:established,from_client; content:"GET"; http_method; content:"/scriptmak/laravel-react-ecommerce/releases/download/v1.0.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489037/; classtype:trojan-activity;sid:84352137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489038)"; flow:established,from_client; content:"GET"; http_method; content:"/soilder931/djlint-snap/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489038/; classtype:trojan-activity;sid:84352138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489039)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489039/; classtype:trojan-activity;sid:84352139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489040)"; flow:established,from_client; content:"GET"; http_method; content:"/emilio549/solindexllm/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489040/; classtype:trojan-activity;sid:84352140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489026)"; flow:established,from_client; content:"GET"; http_method; content:"/2jzlove/property-portfolio-forecaster/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489026/; classtype:trojan-activity;sid:84352126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489029)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489029/; classtype:trojan-activity;sid:84352129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489025)"; flow:established,from_client; content:"GET"; http_method; content:"/ashraff12345/snu_2d_clouddrive_modes_snu/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489025/; classtype:trojan-activity;sid:84352125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.122.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489024/; classtype:trojan-activity;sid:84352124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.55.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489023/; classtype:trojan-activity;sid:84352123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.25.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489022/; classtype:trojan-activity;sid:84352122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.21.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489021/; classtype:trojan-activity;sid:84352121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489019)"; flow:established,from_client; content:"GET"; http_method; content:"/910/madebestthingsgivenbetterplacesgood.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"104.168.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489019/; classtype:trojan-activity;sid:84352119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489018)"; flow:established,from_client; content:"GET"; http_method; content:"/189/goodmilkgoodforurhealthwithgreatnessgoodforbestthings.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489018/; classtype:trojan-activity;sid:84352118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488997)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v1.0/release.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488997/; classtype:trojan-activity;sid:84352097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488998)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v2.0/software.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488998/; classtype:trojan-activity;sid:84352098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488999)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v2.0/software.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488999/; classtype:trojan-activity;sid:84352099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489000)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v1.0/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489000/; classtype:trojan-activity;sid:84352100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489001)"; flow:established,from_client; content:"GET"; http_method; content:"/rizasaurus/car-price-prediction-exercise-with-regression-model/releases/download/v1.0/release.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489001/; classtype:trojan-activity;sid:84352101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489005)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489005/; classtype:trojan-activity;sid:84352105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489007)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489007/; classtype:trojan-activity;sid:84352107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489008)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v1.0/release.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489008/; classtype:trojan-activity;sid:84352108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489012)"; flow:established,from_client; content:"GET"; http_method; content:"/jatomsplamkakj/mysql-bootcamp-go-from-sql-beginner-to-expert/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489012/; classtype:trojan-activity;sid:84352112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489013)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489013/; classtype:trojan-activity;sid:84352113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489016)"; flow:established,from_client; content:"GET"; http_method; content:"/julianarpr/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/releases/download/v1.0/release.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489016/; classtype:trojan-activity;sid:84352116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489017)"; flow:established,from_client; content:"GET"; http_method; content:"/ksofianed/hlskit-py/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489017/; classtype:trojan-activity;sid:84352117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488992)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/application.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488992/; classtype:trojan-activity;sid:84352092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488993)"; flow:established,from_client; content:"GET"; http_method; content:"/refloxo/nlp-translator/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488993/; classtype:trojan-activity;sid:84352093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488989)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v2.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488989/; classtype:trojan-activity;sid:84352089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488990)"; flow:established,from_client; content:"GET"; http_method; content:"/dungtaplaptrinh/ivms/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488990/; classtype:trojan-activity;sid:84352090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488991)"; flow:established,from_client; content:"GET"; http_method; content:"/tinytim08/document-cleaning-pipeline/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488991/; classtype:trojan-activity;sid:84352091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488984)"; flow:established,from_client; content:"GET"; http_method; content:"/ksofianed/hlskit-py/releases/download/v1.0/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488984/; classtype:trojan-activity;sid:84352084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488985)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v1.0/soft.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488985/; classtype:trojan-activity;sid:84352085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488986)"; flow:established,from_client; content:"GET"; http_method; content:"/zaytosmooth23/metamask-wallet-api-react-web3-extension-connect-blockhain-ethereum/releases/download/v2.0/software.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488986/; classtype:trojan-activity;sid:84352086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488987)"; flow:established,from_client; content:"GET"; http_method; content:"/notnc/android-x64_android5.1_degoogled_edition_docs/releases/download/v1.0/program.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488987/; classtype:trojan-activity;sid:84352087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488988)"; flow:established,from_client; content:"GET"; http_method; content:"/dredarty/ringsharp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488988/; classtype:trojan-activity;sid:84352088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.116.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488982/; classtype:trojan-activity;sid:84352082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488980)"; flow:established,from_client; content:"GET"; http_method; content:"/host/popo.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488980/; classtype:trojan-activity;sid:84352080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488981)"; flow:established,from_client; content:"GET"; http_method; content:"/host/popo.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488981/; classtype:trojan-activity;sid:84352081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488979)"; flow:established,from_client; content:"GET"; http_method; content:"/host/mukk.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488979/; classtype:trojan-activity;sid:84352079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.57.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488978/; classtype:trojan-activity;sid:84352078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.89.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488977/; classtype:trojan-activity;sid:84352077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488964)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488964/; classtype:trojan-activity;sid:84352064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488965)"; flow:established,from_client; content:"GET"; http_method; content:"/bedlessno/binaural/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488965/; classtype:trojan-activity;sid:84352065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488967)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488967/; classtype:trojan-activity;sid:84352067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488968)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v1.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488968/; classtype:trojan-activity;sid:84352068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488970)"; flow:established,from_client; content:"GET"; http_method; content:"/mkailal/traking_app/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488970/; classtype:trojan-activity;sid:84352070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488971)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488971/; classtype:trojan-activity;sid:84352071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488972)"; flow:established,from_client; content:"GET"; http_method; content:"/mizea2/bot-new/releases/download/v1.0/release_x64.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488972/; classtype:trojan-activity;sid:84352072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488973)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v1.0/release.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488973/; classtype:trojan-activity;sid:84352073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488974)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488974/; classtype:trojan-activity;sid:84352074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488975)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v1.0/release_x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488975/; classtype:trojan-activity;sid:84352075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488976)"; flow:established,from_client; content:"GET"; http_method; content:"/happie123/milvus-querying/releases/download/v1.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488976/; classtype:trojan-activity;sid:84352076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488961)"; flow:established,from_client; content:"GET"; http_method; content:"/bardock47/detecteur-de-contenu-ia/releases/download/v1.0/release_x64.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488961/; classtype:trojan-activity;sid:84352061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488962)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaralay/generateur-de-fil-d-ariane/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488962/; classtype:trojan-activity;sid:84352062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488963)"; flow:established,from_client; content:"GET"; http_method; content:"/brunoesmael/cot_proxy/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488963/; classtype:trojan-activity;sid:84352063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488958)"; flow:established,from_client; content:"GET"; http_method; content:"/kentcann/generateur-de-fichiers-.htaccess-pour-redirections-seo/releases/download/v1.0/release_x64.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488958/; classtype:trojan-activity;sid:84352058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488959)"; flow:established,from_client; content:"GET"; http_method; content:"/megapuppiedoctor/evo/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488959/; classtype:trojan-activity;sid:84352059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488960)"; flow:established,from_client; content:"GET"; http_method; content:"/bedlessno/binaural/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488960/; classtype:trojan-activity;sid:84352060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488957/; classtype:trojan-activity;sid:84352057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488955)"; flow:established,from_client; content:"GET"; http_method; content:"/189/milkgd/verygoodmilkgivebestmilkevergivenreturnbackwith.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488955/; classtype:trojan-activity;sid:84352055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488956)"; flow:established,from_client; content:"GET"; http_method; content:"/189/goodmilkgoodforurhealthwithgreatnessgoodforbestthings.png"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488956/; classtype:trojan-activity;sid:84352056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488954)"; flow:established,from_client; content:"GET"; http_method; content:"/meretrices.java"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"furnyso.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488954/; classtype:trojan-activity;sid:84352054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488953)"; flow:established,from_client; content:"GET"; http_method; content:"/irrepetant.pcx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"crix.ro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488953/; classtype:trojan-activity;sid:84352053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488952)"; flow:established,from_client; content:"GET"; http_method; content:"/rapzcuuqxnu198.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"crix.ro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488952/; classtype:trojan-activity;sid:84352052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.20.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488951/; classtype:trojan-activity;sid:84352051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488949)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v1.0/release_x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488949/; classtype:trojan-activity;sid:84352049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488942)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v1.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488942/; classtype:trojan-activity;sid:84352042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488944)"; flow:established,from_client; content:"GET"; http_method; content:"/big0loser/nodepay-bot/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488944/; classtype:trojan-activity;sid:84352044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488947)"; flow:established,from_client; content:"GET"; http_method; content:"/tocinorng/icecream-screen-recorder-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488947/; classtype:trojan-activity;sid:84352047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488948)"; flow:established,from_client; content:"GET"; http_method; content:"/tocinorng/icecream-screen-recorder-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488948/; classtype:trojan-activity;sid:84352048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488939)"; flow:established,from_client; content:"GET"; http_method; content:"/externator/drizzle-next-tauri/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488939/; classtype:trojan-activity;sid:84352039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488937)"; flow:established,from_client; content:"GET"; http_method; content:"/killualnr/ai-agent-chatgpt/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488937/; classtype:trojan-activity;sid:84352037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488938)"; flow:established,from_client; content:"GET"; http_method; content:"/killualnr/ai-agent-chatgpt/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488938/; classtype:trojan-activity;sid:84352038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.117.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488936/; classtype:trojan-activity;sid:84352036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.247.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488935/; classtype:trojan-activity;sid:84352035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.205.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488934/; classtype:trojan-activity;sid:84352034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.186.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488933/; classtype:trojan-activity;sid:84352033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.136.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488932/; classtype:trojan-activity;sid:84352032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.62.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488930/; classtype:trojan-activity;sid:84352030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.83.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488931/; classtype:trojan-activity;sid:84352031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.122.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488929/; classtype:trojan-activity;sid:84352029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.81.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488928/; classtype:trojan-activity;sid:84352028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488926)"; flow:established,from_client; content:"GET"; http_method; content:"/t7dela/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488926/; classtype:trojan-activity;sid:84352026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488927)"; flow:established,from_client; content:"GET"; http_method; content:"/danblox669/fixing-error-0xc000007b/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488927/; classtype:trojan-activity;sid:84352027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.55.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488925/; classtype:trojan-activity;sid:84352025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488924/; classtype:trojan-activity;sid:84352024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.169.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488923/; classtype:trojan-activity;sid:84352023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488904)"; flow:established,from_client; content:"GET"; http_method; content:"/ahvaitomanocuvai/shadcn-tour/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488904/; classtype:trojan-activity;sid:84352004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488905)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488905/; classtype:trojan-activity;sid:84352005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.235.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488906/; classtype:trojan-activity;sid:84352006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488907)"; flow:established,from_client; content:"GET"; http_method; content:"/itsamari/uml-editor/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488907/; classtype:trojan-activity;sid:84352007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488908)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488908/; classtype:trojan-activity;sid:84352008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488909)"; flow:established,from_client; content:"GET"; http_method; content:"/malo360/tapsi/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488909/; classtype:trojan-activity;sid:84352009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488910)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488910/; classtype:trojan-activity;sid:84352010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488911)"; flow:established,from_client; content:"GET"; http_method; content:"/itsamari/uml-editor/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488911/; classtype:trojan-activity;sid:84352011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488912)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488912/; classtype:trojan-activity;sid:84352012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488913)"; flow:established,from_client; content:"GET"; http_method; content:"/testingrdp221/ipmp/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488913/; classtype:trojan-activity;sid:84352013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488914)"; flow:established,from_client; content:"GET"; http_method; content:"/tsmdavidyt10kpro/myquest/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488914/; classtype:trojan-activity;sid:84352014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488915)"; flow:established,from_client; content:"GET"; http_method; content:"/phillipp09/countriesfacts-quiz/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488915/; classtype:trojan-activity;sid:84352015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488916)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488916/; classtype:trojan-activity;sid:84352016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488917)"; flow:established,from_client; content:"GET"; http_method; content:"/samo258/typed-search/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488917/; classtype:trojan-activity;sid:84352017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488918)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488918/; classtype:trojan-activity;sid:84352018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488919)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488919/; classtype:trojan-activity;sid:84352019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488920)"; flow:established,from_client; content:"GET"; http_method; content:"/leydypenaloza/oade_openvoices/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488920/; classtype:trojan-activity;sid:84352020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488921)"; flow:established,from_client; content:"GET"; http_method; content:"/jayvzz121706/basic-geometry-engine/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488921/; classtype:trojan-activity;sid:84352021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488922)"; flow:established,from_client; content:"GET"; http_method; content:"/samo258/typed-search/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488922/; classtype:trojan-activity;sid:84352022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488903)"; flow:established,from_client; content:"GET"; http_method; content:"/ghzfps/mastering-mern-with-react/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488903/; classtype:trojan-activity;sid:84352003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488901/; classtype:trojan-activity;sid:84352001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.205.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488902/; classtype:trojan-activity;sid:84352002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488900/; classtype:trojan-activity;sid:84352000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.119.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488899/; classtype:trojan-activity;sid:84351999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488892)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488892/; classtype:trojan-activity;sid:84351992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488893)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488893/; classtype:trojan-activity;sid:84351993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488894)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488894/; classtype:trojan-activity;sid:84351994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488895)"; flow:established,from_client; content:"GET"; http_method; content:"/clearlyaxgen/to-do-task-app-with-oracle-apex/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488895/; classtype:trojan-activity;sid:84351995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488896)"; flow:established,from_client; content:"GET"; http_method; content:"/fallidox/varzesh3/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488896/; classtype:trojan-activity;sid:84351996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488897)"; flow:established,from_client; content:"GET"; http_method; content:"/itallo1122/csharp-devcontainer-template/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488897/; classtype:trojan-activity;sid:84351997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488898)"; flow:established,from_client; content:"GET"; http_method; content:"/nezukoontop/orbia/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488898/; classtype:trojan-activity;sid:84351998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488891)"; flow:established,from_client; content:"GET"; http_method; content:"/ilayking/exam-surveillance-platform/releases/download/v2.0/release_x64.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488891/; classtype:trojan-activity;sid:84351991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.188.196.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488889/; classtype:trojan-activity;sid:84351989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.20.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488888/; classtype:trojan-activity;sid:84351988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488887/; classtype:trojan-activity;sid:84351987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488886/; classtype:trojan-activity;sid:84351986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488885)"; flow:established,from_client; content:"GET"; http_method; content:"/babrodaboss/social_lib/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488885/; classtype:trojan-activity;sid:84351985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488882)"; flow:established,from_client; content:"GET"; http_method; content:"/kalbe2323/employee-management-app-angular18/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488882/; classtype:trojan-activity;sid:84351982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488883)"; flow:established,from_client; content:"GET"; http_method; content:"/kirukazuma/react-ulbitv/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488883/; classtype:trojan-activity;sid:84351983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488884)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488884/; classtype:trojan-activity;sid:84351984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488881)"; flow:established,from_client; content:"GET"; http_method; content:"/simoqanboui/dawn-validator-bot-js/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488881/; classtype:trojan-activity;sid:84351981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488872)"; flow:established,from_client; content:"GET"; http_method; content:"/jonatanelmaspro2023/ailert-nextjs/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488872/; classtype:trojan-activity;sid:84351972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488873)"; flow:established,from_client; content:"GET"; http_method; content:"/hyuki875/transformers/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488873/; classtype:trojan-activity;sid:84351973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488875)"; flow:established,from_client; content:"GET"; http_method; content:"/tinhuynh123/secluded/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488875/; classtype:trojan-activity;sid:84351975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488876)"; flow:established,from_client; content:"GET"; http_method; content:"/whendidiaskbruhta/vue-frontend-starter/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488876/; classtype:trojan-activity;sid:84351976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488877)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenquy19/fit-track-goals-app/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488877/; classtype:trojan-activity;sid:84351977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488878/; classtype:trojan-activity;sid:84351978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488867)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488867/; classtype:trojan-activity;sid:84351967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488868)"; flow:established,from_client; content:"GET"; http_method; content:"/marionerjattv/lapack-base-zlacpy/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488868/; classtype:trojan-activity;sid:84351968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488869)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488869/; classtype:trojan-activity;sid:84351969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488870)"; flow:established,from_client; content:"GET"; http_method; content:"/dandygamer198981/bliss_browser_mint/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488870/; classtype:trojan-activity;sid:84351970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488871)"; flow:established,from_client; content:"GET"; http_method; content:"/lkwmp10/simple-tube/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488871/; classtype:trojan-activity;sid:84351971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488864)"; flow:established,from_client; content:"GET"; http_method; content:"/braamohamed/coffee-chat-voice-assistant/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488864/; classtype:trojan-activity;sid:84351964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488865)"; flow:established,from_client; content:"GET"; http_method; content:"/hkabj/codefetch/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488865/; classtype:trojan-activity;sid:84351965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488866)"; flow:established,from_client; content:"GET"; http_method; content:"/charles100000/twitch-clone/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488866/; classtype:trojan-activity;sid:84351966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488863)"; flow:established,from_client; content:"GET"; http_method; content:"/ligdeezznuts/bliss_browser_jcl/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488863/; classtype:trojan-activity;sid:84351963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488861)"; flow:established,from_client; content:"GET"; http_method; content:"/deki938sang/train-llm-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488861/; classtype:trojan-activity;sid:84351961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488862)"; flow:established,from_client; content:"GET"; http_method; content:"/ishinosakii/whatisthis/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488862/; classtype:trojan-activity;sid:84351962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.235.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488860/; classtype:trojan-activity;sid:84351960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.4.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488859/; classtype:trojan-activity;sid:84351959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.144.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488858/; classtype:trojan-activity;sid:84351958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.2.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488856/; classtype:trojan-activity;sid:84351956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488857)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488857/; classtype:trojan-activity;sid:84351957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488844)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerkibble/vind/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488844/; classtype:trojan-activity;sid:84351944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488845)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488845/; classtype:trojan-activity;sid:84351945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488846)"; flow:established,from_client; content:"GET"; http_method; content:"/irineulucas/sentimenta/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488846/; classtype:trojan-activity;sid:84351946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488847)"; flow:established,from_client; content:"GET"; http_method; content:"/vitinjk/media-torrent-streamer/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488847/; classtype:trojan-activity;sid:84351947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488848)"; flow:established,from_client; content:"GET"; http_method; content:"/benbonbun/carvisionai/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488848/; classtype:trojan-activity;sid:84351948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488849)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488849/; classtype:trojan-activity;sid:84351949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; content:"GET"; http_method; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488851)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed2006-cmd/carrepairreservationsystem-loginpage/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488851/; classtype:trojan-activity;sid:84351951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488852)"; flow:established,from_client; content:"GET"; http_method; content:"/thalik330/bliss_browser_jison-lex/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488852/; classtype:trojan-activity;sid:84351952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488853)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerkibble/vind/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488853/; classtype:trojan-activity;sid:84351953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488854)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488854/; classtype:trojan-activity;sid:84351954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488855)"; flow:established,from_client; content:"GET"; http_method; content:"/enessah00/adaptive-classifier/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488855/; classtype:trojan-activity;sid:84351955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488841)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488841/; classtype:trojan-activity;sid:84351941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488842)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488842/; classtype:trojan-activity;sid:84351942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488843)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488843/; classtype:trojan-activity;sid:84351943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488840)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488840/; classtype:trojan-activity;sid:84351940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488839)"; flow:established,from_client; content:"GET"; http_method; content:"/imenapr/crime-news-ai-nlp-machine-learning/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488839/; classtype:trojan-activity;sid:84351939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488835)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488835/; classtype:trojan-activity;sid:84351935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488836)"; flow:established,from_client; content:"GET"; http_method; content:"/nepthsy/shop-ease/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488836/; classtype:trojan-activity;sid:84351936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488837)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxiangwuzhang/prodigy_wd_02/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488837/; classtype:trojan-activity;sid:84351937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488838)"; flow:established,from_client; content:"GET"; http_method; content:"/nepthsy/shop-ease/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488838/; classtype:trojan-activity;sid:84351938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488830)"; flow:established,from_client; content:"GET"; http_method; content:"/notmodder/tiny-glimmer.nvim/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488830/; classtype:trojan-activity;sid:84351930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488831)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488831/; classtype:trojan-activity;sid:84351931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488832)"; flow:established,from_client; content:"GET"; http_method; content:"/edgaras980/audiocrypt/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488832/; classtype:trojan-activity;sid:84351932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488833)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488833/; classtype:trojan-activity;sid:84351933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488834)"; flow:established,from_client; content:"GET"; http_method; content:"/notmodder/tiny-glimmer.nvim/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488834/; classtype:trojan-activity;sid:84351934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488826)"; flow:established,from_client; content:"GET"; http_method; content:"/softnightmare/fit-goals/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488826/; classtype:trojan-activity;sid:84351926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488827)"; flow:established,from_client; content:"GET"; http_method; content:"/frebirus/poll-maker/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488827/; classtype:trojan-activity;sid:84351927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488828)"; flow:established,from_client; content:"GET"; http_method; content:"/vzcar/bliss_browser_turtle/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488828/; classtype:trojan-activity;sid:84351928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488829)"; flow:established,from_client; content:"GET"; http_method; content:"/brehdonacounter/contact-form1-main/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488829/; classtype:trojan-activity;sid:84351929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.234.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488825/; classtype:trojan-activity;sid:84351925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.99.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488824/; classtype:trojan-activity;sid:84351924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.209.128.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488823/; classtype:trojan-activity;sid:84351923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488810)"; flow:established,from_client; content:"GET"; http_method; content:"/qanfat/paysim-fraud-detection-xgboost/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488810/; classtype:trojan-activity;sid:84351910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488811)"; flow:established,from_client; content:"GET"; http_method; content:"/baconlitoshub/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v1.0/application.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488811/; classtype:trojan-activity;sid:84351911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488812)"; flow:established,from_client; content:"GET"; http_method; content:"/toxic7797/fidrox-main/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488812/; classtype:trojan-activity;sid:84351912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.81.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488813/; classtype:trojan-activity;sid:84351913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488814)"; flow:established,from_client; content:"GET"; http_method; content:"/martin4o-btw/pre-commit-checkstyle/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488814/; classtype:trojan-activity;sid:84351914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488815)"; flow:established,from_client; content:"GET"; http_method; content:"/eyadelfike/always-on-ai-assistant/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488815/; classtype:trojan-activity;sid:84351915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488816)"; flow:established,from_client; content:"GET"; http_method; content:"/alvesxit/frontend-mentor-challenges/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488816/; classtype:trojan-activity;sid:84351916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488817)"; flow:established,from_client; content:"GET"; http_method; content:"/martin4o-btw/pre-commit-checkstyle/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488817/; classtype:trojan-activity;sid:84351917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488818)"; flow:established,from_client; content:"GET"; http_method; content:"/alvesxit/frontend-mentor-challenges/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488818/; classtype:trojan-activity;sid:84351918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488819)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488819/; classtype:trojan-activity;sid:84351919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488820)"; flow:established,from_client; content:"GET"; http_method; content:"/qanfat/paysim-fraud-detection-xgboost/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488820/; classtype:trojan-activity;sid:84351920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488796)"; flow:established,from_client; content:"GET"; http_method; content:"/tregod-coder/playwright/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488796/; classtype:trojan-activity;sid:84351896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488797)"; flow:established,from_client; content:"GET"; http_method; content:"/ozziesforest/translatesheet-examples/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488797/; classtype:trojan-activity;sid:84351897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488798)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488798/; classtype:trojan-activity;sid:84351898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488801)"; flow:established,from_client; content:"GET"; http_method; content:"/hylex280/instagram-reporter/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488801/; classtype:trojan-activity;sid:84351901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488803)"; flow:established,from_client; content:"GET"; http_method; content:"/eyadelfike/always-on-ai-assistant/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488803/; classtype:trojan-activity;sid:84351903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488804)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488804/; classtype:trojan-activity;sid:84351904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488805)"; flow:established,from_client; content:"GET"; http_method; content:"/toxic7797/fidrox-main/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488805/; classtype:trojan-activity;sid:84351905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488807)"; flow:established,from_client; content:"GET"; http_method; content:"/person699/kagglejanestreet/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488807/; classtype:trojan-activity;sid:84351907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488808)"; flow:established,from_client; content:"GET"; http_method; content:"/jenargithub76/payload-obfuscator/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488808/; classtype:trojan-activity;sid:84351908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488809)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488809/; classtype:trojan-activity;sid:84351909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488787)"; flow:established,from_client; content:"GET"; http_method; content:"/leanx2/springboot-api-rest/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488787/; classtype:trojan-activity;sid:84351887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488788)"; flow:established,from_client; content:"GET"; http_method; content:"/person699/kagglejanestreet/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488788/; classtype:trojan-activity;sid:84351888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488789)"; flow:established,from_client; content:"GET"; http_method; content:"/tregod-coder/playwright/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488789/; classtype:trojan-activity;sid:84351889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488790)"; flow:established,from_client; content:"GET"; http_method; content:"/baconlitoshub/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v2.0/software.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488790/; classtype:trojan-activity;sid:84351890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488791)"; flow:established,from_client; content:"GET"; http_method; content:"/hylex280/instagram-reporter/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488791/; classtype:trojan-activity;sid:84351891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488792)"; flow:established,from_client; content:"GET"; http_method; content:"/jenargithub76/payload-obfuscator/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488792/; classtype:trojan-activity;sid:84351892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488794)"; flow:established,from_client; content:"GET"; http_method; content:"/shiffy22/awesome-portfolio/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488794/; classtype:trojan-activity;sid:84351894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488786/; classtype:trojan-activity;sid:84351886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488785)"; flow:established,from_client; content:"GET"; http_method; content:"/jaydenth/churn-prediction/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488785/; classtype:trojan-activity;sid:84351885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.2.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488784/; classtype:trojan-activity;sid:84351884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488783/; classtype:trojan-activity;sid:84351883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.144.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488782/; classtype:trojan-activity;sid:84351882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488781)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488781/; classtype:trojan-activity;sid:84351881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488770)"; flow:established,from_client; content:"GET"; http_method; content:"/millansan12/random-mnemonic-phrase-generator/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488770/; classtype:trojan-activity;sid:84351870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488771)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488771/; classtype:trojan-activity;sid:84351871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488772)"; flow:established,from_client; content:"GET"; http_method; content:"/marsapi/panalyse.com/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488772/; classtype:trojan-activity;sid:84351872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488773)"; flow:established,from_client; content:"GET"; http_method; content:"/marsapi/panalyse.com/releases/download/v1.0.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488773/; classtype:trojan-activity;sid:84351873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488774/; classtype:trojan-activity;sid:84351874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488775)"; flow:established,from_client; content:"GET"; http_method; content:"/gushub11/eset-keygen-2025/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488775/; classtype:trojan-activity;sid:84351875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488776)"; flow:established,from_client; content:"GET"; http_method; content:"/joshcforti/discord-allinone-tool/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488776/; classtype:trojan-activity;sid:84351876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488777)"; flow:established,from_client; content:"GET"; http_method; content:"/gushub11/eset-keygen-2025/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488777/; classtype:trojan-activity;sid:84351877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488778)"; flow:established,from_client; content:"GET"; http_method; content:"/sickclaymaker/text-processing-tool/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488778/; classtype:trojan-activity;sid:84351878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488768)"; flow:established,from_client; content:"GET"; http_method; content:"/antoniomrbr/cosmicstar/releases/download/v1.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488768/; classtype:trojan-activity;sid:84351868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488769)"; flow:established,from_client; content:"GET"; http_method; content:"/relic87/blox-fruits-script-roblox/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488769/; classtype:trojan-activity;sid:84351869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488767)"; flow:established,from_client; content:"GET"; http_method; content:"/joshcforti/discord-allinone-tool/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488767/; classtype:trojan-activity;sid:84351867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488766)"; flow:established,from_client; content:"GET"; http_method; content:"/ciro65/taskify/releases/download/v1.0.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488766/; classtype:trojan-activity;sid:84351866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488764)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488764/; classtype:trojan-activity;sid:84351864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488759)"; flow:established,from_client; content:"GET"; http_method; content:"/witherrbx/ai-agent-langchain-langgraph-convex-clerk-ibm-wxtools-nextjs15/releases/download/v1.0.0/application.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488759/; classtype:trojan-activity;sid:84351859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488760)"; flow:established,from_client; content:"GET"; http_method; content:"/12345far/metrics-calculation-precision-recall/releases/download/v1.0/program.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488760/; classtype:trojan-activity;sid:84351860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488761)"; flow:established,from_client; content:"GET"; http_method; content:"/witherrbx/ai-agent-langchain-langgraph-convex-clerk-ibm-wxtools-nextjs15/releases/download/v2.0/software.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488761/; classtype:trojan-activity;sid:84351861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488762)"; flow:established,from_client; content:"GET"; http_method; content:"/ciro65/taskify/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488762/; classtype:trojan-activity;sid:84351862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488763)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488763/; classtype:trojan-activity;sid:84351863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488757)"; flow:established,from_client; content:"GET"; http_method; content:"/croissant-a/yahoo-finance/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488757/; classtype:trojan-activity;sid:84351857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488756)"; flow:established,from_client; content:"GET"; http_method; content:"/mydeli-cybrog1/framesequenceanimation/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488756/; classtype:trojan-activity;sid:84351856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488747)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488747/; classtype:trojan-activity;sid:84351847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488748)"; flow:established,from_client; content:"GET"; http_method; content:"/willpro34/in-surely/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488748/; classtype:trojan-activity;sid:84351848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488749)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v1.0/application.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488749/; classtype:trojan-activity;sid:84351849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488750)"; flow:established,from_client; content:"GET"; http_method; content:"/mydeli-cybrog1/framesequenceanimation/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488750/; classtype:trojan-activity;sid:84351850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488753)"; flow:established,from_client; content:"GET"; http_method; content:"/sytheflay1/oneclick-image-downloader-extension/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488753/; classtype:trojan-activity;sid:84351853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488754)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488754/; classtype:trojan-activity;sid:84351854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488745)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaiimage2/utils-linux/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488745/; classtype:trojan-activity;sid:84351845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.209.128.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488744/; classtype:trojan-activity;sid:84351844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.234.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488743/; classtype:trojan-activity;sid:84351843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488731)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v2.0/software.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488731/; classtype:trojan-activity;sid:84351831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488737)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v1.0/release.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488737/; classtype:trojan-activity;sid:84351837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488738)"; flow:established,from_client; content:"GET"; http_method; content:"/kdieu1/avast-cleanup/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488738/; classtype:trojan-activity;sid:84351838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488741)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v1.0/release.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488741/; classtype:trojan-activity;sid:84351841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488726)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/application.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488726/; classtype:trojan-activity;sid:84351826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488727)"; flow:established,from_client; content:"GET"; http_method; content:"/jakester2020/designsystem/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488727/; classtype:trojan-activity;sid:84351827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488724)"; flow:established,from_client; content:"GET"; http_method; content:"/levdlyon/u6143_ssd1306-oled-display-setup-for-raspberry-pi/releases/download/v1.0/program.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488724/; classtype:trojan-activity;sid:84351824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488721)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v1.0/program.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488721/; classtype:trojan-activity;sid:84351821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488719)"; flow:established,from_client; content:"GET"; http_method; content:"/kush2395/ai4kt/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488719/; classtype:trojan-activity;sid:84351819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488715)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488715/; classtype:trojan-activity;sid:84351815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488718)"; flow:established,from_client; content:"GET"; http_method; content:"/kush2395/ai4kt/releases/download/v1.0/soft.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488718/; classtype:trojan-activity;sid:84351818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488705)"; flow:established,from_client; content:"GET"; http_method; content:"/byluu55/lumokit/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488705/; classtype:trojan-activity;sid:84351805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488707)"; flow:established,from_client; content:"GET"; http_method; content:"/gelou-moe/chattify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488707/; classtype:trojan-activity;sid:84351807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488709)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488709/; classtype:trojan-activity;sid:84351809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488710)"; flow:established,from_client; content:"GET"; http_method; content:"/turdtalker33/fitlink-fitness-tracker/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488710/; classtype:trojan-activity;sid:84351810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488700)"; flow:established,from_client; content:"GET"; http_method; content:"/b143659/mern-book-search-engine/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488700/; classtype:trojan-activity;sid:84351800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488701)"; flow:established,from_client; content:"GET"; http_method; content:"/gelou-moe/chattify/releases/download/v1.0/soft.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488701/; classtype:trojan-activity;sid:84351801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.218.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488698/; classtype:trojan-activity;sid:84351798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488697)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488697/; classtype:trojan-activity;sid:84351797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488685)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v1.0/soft.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488685/; classtype:trojan-activity;sid:84351785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488687)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v1.0/soft.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488687/; classtype:trojan-activity;sid:84351787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488688)"; flow:established,from_client; content:"GET"; http_method; content:"/hirosugoi/pi_full_monitor/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488688/; classtype:trojan-activity;sid:84351788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488689)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v1.0.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488689/; classtype:trojan-activity;sid:84351789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488690)"; flow:established,from_client; content:"GET"; http_method; content:"/lxlstepsup/event-management/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488690/; classtype:trojan-activity;sid:84351790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488691)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488691/; classtype:trojan-activity;sid:84351791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488692)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488692/; classtype:trojan-activity;sid:84351792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488693)"; flow:established,from_client; content:"GET"; http_method; content:"/yamenstarxtheking/sumitrmalik.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488693/; classtype:trojan-activity;sid:84351793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488694)"; flow:established,from_client; content:"GET"; http_method; content:"/ajain1414/web-analyzer-frontend/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488694/; classtype:trojan-activity;sid:84351794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488695)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488695/; classtype:trojan-activity;sid:84351795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488696)"; flow:established,from_client; content:"GET"; http_method; content:"/rafinha0rafinha/web-analyzer-backend/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488696/; classtype:trojan-activity;sid:84351796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488680)"; flow:established,from_client; content:"GET"; http_method; content:"/cobra90vr/php-supabase-comments/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488680/; classtype:trojan-activity;sid:84351780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488681)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488681/; classtype:trojan-activity;sid:84351781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488683)"; flow:established,from_client; content:"GET"; http_method; content:"/sinaa77/pixelated/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488683/; classtype:trojan-activity;sid:84351783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488678)"; flow:established,from_client; content:"GET"; http_method; content:"/peashooter0001/ublue-os-cosmic/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488678/; classtype:trojan-activity;sid:84351778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.218.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488677/; classtype:trojan-activity;sid:84351777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488676/; classtype:trojan-activity;sid:84351776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488675)"; flow:established,from_client; content:"GET"; http_method; content:"/omierkareem/deep-freeze-enterprise-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488675/; classtype:trojan-activity;sid:84351775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488671)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488671/; classtype:trojan-activity;sid:84351771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488672)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488672/; classtype:trojan-activity;sid:84351772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488664)"; flow:established,from_client; content:"GET"; http_method; content:"/marcospilarr/foolproof-cursor-freeloading-method/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488664/; classtype:trojan-activity;sid:84351764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488665)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488665/; classtype:trojan-activity;sid:84351765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488667)"; flow:established,from_client; content:"GET"; http_method; content:"/saniyayadav/ai-lead-generation-agent/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488667/; classtype:trojan-activity;sid:84351767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488668)"; flow:established,from_client; content:"GET"; http_method; content:"/coder-hashsudo/volumetric_primitives/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488668/; classtype:trojan-activity;sid:84351768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488669)"; flow:established,from_client; content:"GET"; http_method; content:"/mooskifc/iobit-malware-fighter-pro-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488669/; classtype:trojan-activity;sid:84351769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488670)"; flow:established,from_client; content:"GET"; http_method; content:"/coder-hashsudo/volumetric_primitives/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488670/; classtype:trojan-activity;sid:84351770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488659)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488659/; classtype:trojan-activity;sid:84351759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488660)"; flow:established,from_client; content:"GET"; http_method; content:"/api/ytasodysodisowqsytesodgsotasotusnjusn2qs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"213.176.73.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488660/; classtype:trojan-activity;sid:84351760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488661)"; flow:established,from_client; content:"GET"; http_method; content:"/xxmadkillerx10/data-engineering-zoomcamp/releases/download/v1.0/application.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488661/; classtype:trojan-activity;sid:84351761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488662)"; flow:established,from_client; content:"GET"; http_method; content:"/omierkareem/deep-freeze-enterprise-download/releases/download/v1.0/application.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488662/; classtype:trojan-activity;sid:84351762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488658)"; flow:established,from_client; content:"GET"; http_method; content:"/rzxmha/linear_algebra/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488658/; classtype:trojan-activity;sid:84351758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488657)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488657/; classtype:trojan-activity;sid:84351757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488656)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488656/; classtype:trojan-activity;sid:84351756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488644)"; flow:established,from_client; content:"GET"; http_method; content:"/llul5ive/maliang-extensions/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488644/; classtype:trojan-activity;sid:84351744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488645)"; flow:established,from_client; content:"GET"; http_method; content:"/ryandouglad/pokedex-jetpack/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488645/; classtype:trojan-activity;sid:84351745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488646)"; flow:established,from_client; content:"GET"; http_method; content:"/widezaaaaaaaa/gradient-network/releases/download/v1.0/release_x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488646/; classtype:trojan-activity;sid:84351746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488648)"; flow:established,from_client; content:"GET"; http_method; content:"/luhi989/triviaquest/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488648/; classtype:trojan-activity;sid:84351748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488650)"; flow:established,from_client; content:"GET"; http_method; content:"/ryandouglad/pokedex-jetpack/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488650/; classtype:trojan-activity;sid:84351750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488651)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488651/; classtype:trojan-activity;sid:84351751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488652)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488652/; classtype:trojan-activity;sid:84351752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488653)"; flow:established,from_client; content:"GET"; http_method; content:"/b2kkingr/sveltekit-workers-d1-auth/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488653/; classtype:trojan-activity;sid:84351753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488655)"; flow:established,from_client; content:"GET"; http_method; content:"/widezaaaaaaaa/gradient-network/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488655/; classtype:trojan-activity;sid:84351755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488642)"; flow:established,from_client; content:"GET"; http_method; content:"/otaviomsj/hdo-box-app/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488642/; classtype:trojan-activity;sid:84351742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488641)"; flow:established,from_client; content:"GET"; http_method; content:"/dragce09/metasploit-framework-2025/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488641/; classtype:trojan-activity;sid:84351741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488638)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488638/; classtype:trojan-activity;sid:84351738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488639)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/dado/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488639/; classtype:trojan-activity;sid:84351739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.108.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488640/; classtype:trojan-activity;sid:84351740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488630)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488630/; classtype:trojan-activity;sid:84351730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488631)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip/"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488631/; classtype:trojan-activity;sid:84351731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488633)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488633/; classtype:trojan-activity;sid:84351733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488634)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488634/; classtype:trojan-activity;sid:84351734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488635)"; flow:established,from_client; content:"GET"; http_method; content:"/kachinimin/mod-gta5/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488635/; classtype:trojan-activity;sid:84351735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488629/; classtype:trojan-activity;sid:84351729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488619)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488619/; classtype:trojan-activity;sid:84351719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488621)"; flow:established,from_client; content:"GET"; http_method; content:"/celestialhub551/discord-nitro-code-generator-2025/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488621/; classtype:trojan-activity;sid:84351721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488622)"; flow:established,from_client; content:"GET"; http_method; content:"/sh0uko/clintoncat/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488622/; classtype:trojan-activity;sid:84351722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488623)"; flow:established,from_client; content:"GET"; http_method; content:"/murthy69/dsa/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488623/; classtype:trojan-activity;sid:84351723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488624)"; flow:established,from_client; content:"GET"; http_method; content:"/xuantruong7/idm-activation-script-2025/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488624/; classtype:trojan-activity;sid:84351724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488625)"; flow:established,from_client; content:"GET"; http_method; content:"/adrizzz111/norton-antivirus-premium-security/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488625/; classtype:trojan-activity;sid:84351725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488626)"; flow:established,from_client; content:"GET"; http_method; content:"/toniadrenalin/hack-crypto-wallet/releases/download/v1.0/application.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488626/; classtype:trojan-activity;sid:84351726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488627)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488627/; classtype:trojan-activity;sid:84351727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488628)"; flow:established,from_client; content:"GET"; http_method; content:"/contentmediagenericfiles/3aab4c9294c7abe63bb278102938ba7e-full.zip|3f|w=1|7c|26|7c|h=1|7c|26|7c|expires=1738888781|7c|26|7c|policy=eyjtdgf0zw1lbnqiolt7iljlc291cmnlijoiahr0chm6ly9jzg4uz2xky2rulmnvbs9db250zw50twvkawfhzw5lcmljrmlszxmvm2fhyjrjoti5ngm3ywjlnjniyji3odewmjkzogjhn2utrnvsbc56axaqiiwiq29uzgl0aw9uijp7ikrhdgvmzxnzvghhbii6eyjbv1m6rxbvy2huaw1lijoxnzm4odg4nzgxfx19xx0_|7c|26|7c|signature=kdoiuw08lgjmeiyk~k8bmc4qhmyikl2cle4qdoidexqwizvejyery1z0e4sf~iwjh7tgpd5-tfk4-tv-bwhbee1f~wspnonq9xtfcwmyxwtptlbtem1ildiqvqjpbnn3o7eaht0ooh1x621hn-zvyletbiep~dba3jh~kagu3zsyrlf30o5hux2e-sjdeyvk0axtes8hy52-qg76cr97qmdrox-abznw0djcricb4gyqu-gewc-gyasam4jvj9k4lsi7xcjfqm9lgtii~1bj6yxkw3hvc~bbekeiilvcpufmwubu32a2zf1j8oqcthg1z2zd7popweypmvypop-fpw__|7c|26|7c|key-pair-id=k1ffkfzrwazsb"; http_uri; depth:771; isdataat:!1,relative; nocase; content:"cdn.gldcdn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488628/; classtype:trojan-activity;sid:84351728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488618)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488618/; classtype:trojan-activity;sid:84351718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488616)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip/"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488616/; classtype:trojan-activity;sid:84351716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488617)"; flow:established,from_client; content:"GET"; http_method; content:"/online-ebooks/rivals/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488617/; classtype:trojan-activity;sid:84351717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488597)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488597/; classtype:trojan-activity;sid:84351697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488598)"; flow:established,from_client; content:"GET"; http_method; content:"/pablofp16/bloodstrike-external-hack-2025-aimbot-esp-wallhack/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488598/; classtype:trojan-activity;sid:84351698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488600)"; flow:established,from_client; content:"GET"; http_method; content:"/luhxdante/blox-fruits-script/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488600/; classtype:trojan-activity;sid:84351700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488601)"; flow:established,from_client; content:"GET"; http_method; content:"/desarrolladorsoftwarejr/office-2024/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488601/; classtype:trojan-activity;sid:84351701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488603)"; flow:established,from_client; content:"GET"; http_method; content:"/evan-theo/ninjagram-download/releases/download/v2.0/software.zip/"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488603/; classtype:trojan-activity;sid:84351703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488604)"; flow:established,from_client; content:"GET"; http_method; content:"/rn098/figma-free-crack/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488604/; classtype:trojan-activity;sid:84351704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488607)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenthanhtrung86/java-all-in-native/releases/download/v1.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488607/; classtype:trojan-activity;sid:84351707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488609)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488609/; classtype:trojan-activity;sid:84351709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488610)"; flow:established,from_client; content:"GET"; http_method; content:"/awisyhaziq/g4/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488610/; classtype:trojan-activity;sid:84351710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488611)"; flow:established,from_client; content:"GET"; http_method; content:"/evan-theo/ninjagram-download/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488611/; classtype:trojan-activity;sid:84351711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488612)"; flow:established,from_client; content:"GET"; http_method; content:"/hackermanisdumb/mod-gta5/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488612/; classtype:trojan-activity;sid:84351712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488613)"; flow:established,from_client; content:"GET"; http_method; content:"/danielmakha/eth-mev-bot/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488613/; classtype:trojan-activity;sid:84351713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488596)"; flow:established,from_client; content:"GET"; http_method; content:"/micahchue/hwid-spoofer-and-cleaner-2024/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488596/; classtype:trojan-activity;sid:84351696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488593)"; flow:established,from_client; content:"GET"; http_method; content:"/rajeshsharmadl/criminality/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488593/; classtype:trojan-activity;sid:84351693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488594)"; flow:established,from_client; content:"GET"; http_method; content:"/theblacksmile0/dogs-coin/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488594/; classtype:trojan-activity;sid:84351694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488588)"; flow:established,from_client; content:"GET"; http_method; content:"/phatcao2910/fbi_watchdog/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488588/; classtype:trojan-activity;sid:84351688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488589)"; flow:established,from_client; content:"GET"; http_method; content:"/fadiqupti/fivem-mod-menu/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488589/; classtype:trojan-activity;sid:84351689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488590)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488590/; classtype:trojan-activity;sid:84351690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488591)"; flow:established,from_client; content:"GET"; http_method; content:"/lautarigauna/eviltwin-esp8622/releases/download/v1.0/app.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488591/; classtype:trojan-activity;sid:84351691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488592)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagosevero2023/wondershare-filmora-free/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488592/; classtype:trojan-activity;sid:84351692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488582)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488582/; classtype:trojan-activity;sid:84351682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488583)"; flow:established,from_client; content:"GET"; http_method; content:"/exvinityf/bsternaichain/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488583/; classtype:trojan-activity;sid:84351683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488584)"; flow:established,from_client; content:"GET"; http_method; content:"/asaelelcrack/mod-gta5/releases/download/v2.0/release_x64.zip/"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488584/; classtype:trojan-activity;sid:84351684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488585)"; flow:established,from_client; content:"GET"; http_method; content:"/obaniissnek/earlycascade/releases/download/v2.0/release_x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488585/; classtype:trojan-activity;sid:84351685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488586)"; flow:established,from_client; content:"GET"; http_method; content:"/booster78945/m0dmenu-gta5-free/releases/download/v2.0/release_x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488586/; classtype:trojan-activity;sid:84351686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488587)"; flow:established,from_client; content:"GET"; http_method; content:"/fufulooky/life.html/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488587/; classtype:trojan-activity;sid:84351687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488566)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488566/; classtype:trojan-activity;sid:84351666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488567)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488567/; classtype:trojan-activity;sid:84351667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488568)"; flow:established,from_client; content:"GET"; http_method; content:"/minedreamback/mod-gta5/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488568/; classtype:trojan-activity;sid:84351668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.13.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488569/; classtype:trojan-activity;sid:84351669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488570)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/minecraft-nao-responsivo/releases/download/v2.0/release_x64.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488570/; classtype:trojan-activity;sid:84351670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488571)"; flow:established,from_client; content:"GET"; http_method; content:"/ali13qe/animaengine/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488571/; classtype:trojan-activity;sid:84351671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488572)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488572/; classtype:trojan-activity;sid:84351672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488573)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488573/; classtype:trojan-activity;sid:84351673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488574)"; flow:established,from_client; content:"GET"; http_method; content:"/discord-link-redirect/hr-analytics-optimizer/releases/download/v1.0/application.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488574/; classtype:trojan-activity;sid:84351674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488575)"; flow:established,from_client; content:"GET"; http_method; content:"/hahaha911/detoxify/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488575/; classtype:trojan-activity;sid:84351675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488576)"; flow:established,from_client; content:"GET"; http_method; content:"/asaelelcrack/mod-gta5/releases/download/v2.0/release_x64.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488576/; classtype:trojan-activity;sid:84351676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488577)"; flow:established,from_client; content:"GET"; http_method; content:"/manutyco/sentinel/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488577/; classtype:trojan-activity;sid:84351677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488578)"; flow:established,from_client; content:"GET"; http_method; content:"/manutyco/sentinel/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488578/; classtype:trojan-activity;sid:84351678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488579)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/rafaballerini/releases/download/v2.0/release_x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488579/; classtype:trojan-activity;sid:84351679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488580)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488580/; classtype:trojan-activity;sid:84351680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488581)"; flow:established,from_client; content:"GET"; http_method; content:"/iqquxd/futzin-online/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488581/; classtype:trojan-activity;sid:84351681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488565)"; flow:established,from_client; content:"GET"; http_method; content:"/ehsan14123/wave-roblox/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488565/; classtype:trojan-activity;sid:84351665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488564)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoferlacamini/minecraft-nao-responsivo/releases/download/v2.0/release_x64.zip/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488564/; classtype:trojan-activity;sid:84351664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488563)"; flow:established,from_client; content:"GET"; http_method; content:"/justanamelessghoul/atlantis-executor/releases/download/v2.0/release_x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488563/; classtype:trojan-activity;sid:84351663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488561)"; flow:established,from_client; content:"GET"; http_method; content:"/lilsat/asphyxia-cs2/releases/download/v2.0/release_x64.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488561/; classtype:trojan-activity;sid:84351661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488562)"; flow:established,from_client; content:"GET"; http_method; content:"/ehsan14123/wave-roblox/releases/download/v2.0/release_x64.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488562/; classtype:trojan-activity;sid:84351662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488559)"; flow:established,from_client; content:"GET"; http_method; content:"/jihur/cheat-cs2/releases/download/v2.0/release_x64.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488559/; classtype:trojan-activity;sid:84351659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488560)"; flow:established,from_client; content:"GET"; http_method; content:"/exvinityf/bsternaichain/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488560/; classtype:trojan-activity;sid:84351660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488547)"; flow:established,from_client; content:"GET"; http_method; content:"/trey89878668/dagger/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488547/; classtype:trojan-activity;sid:84351647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488548)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488548/; classtype:trojan-activity;sid:84351648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488551)"; flow:established,from_client; content:"GET"; http_method; content:"/nt8068/awp.gg-executor-roblox/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488551/; classtype:trojan-activity;sid:84351651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488553)"; flow:established,from_client; content:"GET"; http_method; content:"/spaceforgets-code/ai-voice-cloning-tool/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488553/; classtype:trojan-activity;sid:84351653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488554)"; flow:established,from_client; content:"GET"; http_method; content:"/itzidkmoment/flutter_flower_clone_app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488554/; classtype:trojan-activity;sid:84351654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488556)"; flow:established,from_client; content:"GET"; http_method; content:"/itzgame123/counter-str1ke-2-h4ck/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488556/; classtype:trojan-activity;sid:84351656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488557)"; flow:established,from_client; content:"GET"; http_method; content:"/afonsosousait/freeroam/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488557/; classtype:trojan-activity;sid:84351657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488558)"; flow:established,from_client; content:"GET"; http_method; content:"/vitornsousa/moonlight-launcher/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488558/; classtype:trojan-activity;sid:84351658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488531)"; flow:established,from_client; content:"GET"; http_method; content:"/sendafor/phoenixc2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488531/; classtype:trojan-activity;sid:84351631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488532)"; flow:established,from_client; content:"GET"; http_method; content:"/garuadi/rainbow-s1x-siege-cheat/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488532/; classtype:trojan-activity;sid:84351632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488534)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesrichards05/telegram-premium/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488534/; classtype:trojan-activity;sid:84351634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488535)"; flow:established,from_client; content:"GET"; http_method; content:"/aksoo7/solbf/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488535/; classtype:trojan-activity;sid:84351635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488536)"; flow:established,from_client; content:"GET"; http_method; content:"/zentosph/aplikasi-sekolah/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488536/; classtype:trojan-activity;sid:84351636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488538)"; flow:established,from_client; content:"GET"; http_method; content:"/mizea2/bot-new/releases/download/v2.0/software.zip/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488538/; classtype:trojan-activity;sid:84351638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488539)"; flow:established,from_client; content:"GET"; http_method; content:"/vitornsousa/moonlight-launcher/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488539/; classtype:trojan-activity;sid:84351639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488540)"; flow:established,from_client; content:"GET"; http_method; content:"/doomzday4032/blox-fruits-autofarm/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488540/; classtype:trojan-activity;sid:84351640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488541)"; flow:established,from_client; content:"GET"; http_method; content:"/99monisha/smart-web-scraper-2.0-using-gen-ai/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488541/; classtype:trojan-activity;sid:84351641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488542)"; flow:established,from_client; content:"GET"; http_method; content:"/kenichi-botz/yusupbot1/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488542/; classtype:trojan-activity;sid:84351642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488544)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmetbaba122/blue-lock-rivals/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488544/; classtype:trojan-activity;sid:84351644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488545)"; flow:established,from_client; content:"GET"; http_method; content:"/narfor502/cucumberbddframework/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488545/; classtype:trojan-activity;sid:84351645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488546)"; flow:established,from_client; content:"GET"; http_method; content:"/abhinavchetla/seedgn/releases/download/v1.0/software.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488546/; classtype:trojan-activity;sid:84351646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488530)"; flow:established,from_client; content:"GET"; http_method; content:"/gwyiomi/apex-legends-external-cheat-hack-trigger-glow-aimbot-skin-more-hwid-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488530/; classtype:trojan-activity;sid:84351630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488529)"; flow:established,from_client; content:"GET"; http_method; content:"/tamin1111/universal-hwid-spoofer/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488529/; classtype:trojan-activity;sid:84351629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488510)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488510/; classtype:trojan-activity;sid:84351610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488512)"; flow:established,from_client; content:"GET"; http_method; content:"/superboyguy/faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488512/; classtype:trojan-activity;sid:84351612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488513)"; flow:established,from_client; content:"GET"; http_method; content:"/sangdeptrai20/exodus-fake-balance/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488513/; classtype:trojan-activity;sid:84351613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488514)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488514/; classtype:trojan-activity;sid:84351614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488515)"; flow:established,from_client; content:"GET"; http_method; content:"/jhaelkatherine/menu-for-gta-5/releases/download/v1.0/software.zip/"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488515/; classtype:trojan-activity;sid:84351615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488516)"; flow:established,from_client; content:"GET"; http_method; content:"/singlovemyself/c2panel/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488516/; classtype:trojan-activity;sid:84351616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488517)"; flow:established,from_client; content:"GET"; http_method; content:"/krishna9894/automated-youtube-shorts-generator/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488517/; classtype:trojan-activity;sid:84351617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488518)"; flow:established,from_client; content:"GET"; http_method; content:"/dropeed10/synapse-x-roblox-free/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488518/; classtype:trojan-activity;sid:84351618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488519)"; flow:established,from_client; content:"GET"; http_method; content:"/tamin1111/universal-hwid-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488519/; classtype:trojan-activity;sid:84351619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488520)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonlorenzmanadeo/fridadownloader/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488520/; classtype:trojan-activity;sid:84351620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488521)"; flow:established,from_client; content:"GET"; http_method; content:"/erichoang2809/rivals-script/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488521/; classtype:trojan-activity;sid:84351621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488522)"; flow:established,from_client; content:"GET"; http_method; content:"/cheesychips123/how.sh/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488522/; classtype:trojan-activity;sid:84351622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488523)"; flow:established,from_client; content:"GET"; http_method; content:"/jhaelkatherine/menu-for-gta-5/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488523/; classtype:trojan-activity;sid:84351623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488524)"; flow:established,from_client; content:"GET"; http_method; content:"/jjkj67/ida-pro-keygen-2024/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488524/; classtype:trojan-activity;sid:84351624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488525)"; flow:established,from_client; content:"GET"; http_method; content:"/tub123w/apex-legends-cheat-download/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488525/; classtype:trojan-activity;sid:84351625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488526)"; flow:established,from_client; content:"GET"; http_method; content:"/torpedope/stock-portfolio-tracker/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488526/; classtype:trojan-activity;sid:84351626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488527)"; flow:established,from_client; content:"GET"; http_method; content:"/lotus-hub/whats-crash/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488527/; classtype:trojan-activity;sid:84351627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488528)"; flow:established,from_client; content:"GET"; http_method; content:"/senseifc/wallet-stealer/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488528/; classtype:trojan-activity;sid:84351628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488504)"; flow:established,from_client; content:"GET"; http_method; content:"/climassistadmin/monotone-hwid-spoofer/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488504/; classtype:trojan-activity;sid:84351604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488506)"; flow:established,from_client; content:"GET"; http_method; content:"/nikke6728/towerdefensegame/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488506/; classtype:trojan-activity;sid:84351606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488507)"; flow:established,from_client; content:"GET"; http_method; content:"/cravanger/seliware-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488507/; classtype:trojan-activity;sid:84351607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488508)"; flow:established,from_client; content:"GET"; http_method; content:"/uwuwuwu363/tts-local/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488508/; classtype:trojan-activity;sid:84351608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488509)"; flow:established,from_client; content:"GET"; http_method; content:"/arthurvill/todolist/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488509/; classtype:trojan-activity;sid:84351609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488503)"; flow:established,from_client; content:"GET"; http_method; content:"/cpsgdps/employe-time-tracker/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488503/; classtype:trojan-activity;sid:84351603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488475)"; flow:established,from_client; content:"GET"; http_method; content:"/marcospilarr/foolproof-cursor-freeloading-method/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488475/; classtype:trojan-activity;sid:84351575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488476)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488476/; classtype:trojan-activity;sid:84351576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488479)"; flow:established,from_client; content:"GET"; http_method; content:"/lilroniel/phoenixc2/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488479/; classtype:trojan-activity;sid:84351579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488480)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488480/; classtype:trojan-activity;sid:84351580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488481)"; flow:established,from_client; content:"GET"; http_method; content:"/jameseeeeeeeeeee/carbon-executor/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488481/; classtype:trojan-activity;sid:84351581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488482)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488482/; classtype:trojan-activity;sid:84351582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488484)"; flow:established,from_client; content:"GET"; http_method; content:"/hackermanisdumb/mod-gta5/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488484/; classtype:trojan-activity;sid:84351584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488485)"; flow:established,from_client; content:"GET"; http_method; content:"/ne-ted/free_us_investment_agent_system/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488485/; classtype:trojan-activity;sid:84351585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488486)"; flow:established,from_client; content:"GET"; http_method; content:"/rn098/figma-free-crack/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488486/; classtype:trojan-activity;sid:84351586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488489)"; flow:established,from_client; content:"GET"; http_method; content:"/hackermanisdumb/mod-gta5/releases/download/v2.0/software.zip/"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488489/; classtype:trojan-activity;sid:84351589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488490)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488490/; classtype:trojan-activity;sid:84351590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488491)"; flow:established,from_client; content:"GET"; http_method; content:"/abyss675/alfaromeogiulia_dashboardinfo_esp32-s3/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488491/; classtype:trojan-activity;sid:84351591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488493)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulbasii/spectra/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488493/; classtype:trojan-activity;sid:84351593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488494)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v2.0/software.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488494/; classtype:trojan-activity;sid:84351594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488495)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488495/; classtype:trojan-activity;sid:84351595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488498)"; flow:established,from_client; content:"GET"; http_method; content:"/rafy35198/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488498/; classtype:trojan-activity;sid:84351598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488499)"; flow:established,from_client; content:"GET"; http_method; content:"/double-back/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488499/; classtype:trojan-activity;sid:84351599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488500)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488500/; classtype:trojan-activity;sid:84351600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488502)"; flow:established,from_client; content:"GET"; http_method; content:"/devofss/leadfinder-agent/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488502/; classtype:trojan-activity;sid:84351602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488472)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488472/; classtype:trojan-activity;sid:84351572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488473)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488473/; classtype:trojan-activity;sid:84351573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488474)"; flow:established,from_client; content:"GET"; http_method; content:"/vrus67/crystaltool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488474/; classtype:trojan-activity;sid:84351574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488469)"; flow:established,from_client; content:"GET"; http_method; content:"/mausamshta/the-full-list-of-trusted-darknet-markets-in-2025/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488469/; classtype:trojan-activity;sid:84351569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488468)"; flow:established,from_client; content:"GET"; http_method; content:"/crispyman1245/bazaarflipmod/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488468/; classtype:trojan-activity;sid:84351568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488463)"; flow:established,from_client; content:"GET"; http_method; content:"/devansh-2795/al-photoshop-2024/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488463/; classtype:trojan-activity;sid:84351563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488464)"; flow:established,from_client; content:"GET"; http_method; content:"/zckbmelvergalarga/monotone-hwid-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488464/; classtype:trojan-activity;sid:84351564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488465)"; flow:established,from_client; content:"GET"; http_method; content:"/plutodrx/sqli-dumper-10.5-free-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488465/; classtype:trojan-activity;sid:84351565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488466)"; flow:established,from_client; content:"GET"; http_method; content:"/pkhanhdz/vps-ranges/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488466/; classtype:trojan-activity;sid:84351566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488467)"; flow:established,from_client; content:"GET"; http_method; content:"/toxicmumo/hwid-spoofer-apex-valorant-warzone-rust-spoofer/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488467/; classtype:trojan-activity;sid:84351567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488444)"; flow:established,from_client; content:"GET"; http_method; content:"/krishioer/fivem-mod-menu/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488444/; classtype:trojan-activity;sid:84351544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488445)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.github.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488445/; classtype:trojan-activity;sid:84351545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488446)"; flow:established,from_client; content:"GET"; http_method; content:"/heinhtet2737/fl-studio-producer-edition-free/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488446/; classtype:trojan-activity;sid:84351546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488447)"; flow:established,from_client; content:"GET"; http_method; content:"/davidpepeee/roblox-synapse/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488447/; classtype:trojan-activity;sid:84351547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488448)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488448/; classtype:trojan-activity;sid:84351548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488449)"; flow:established,from_client; content:"GET"; http_method; content:"/huyko67/chatbot-whatsapp/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488449/; classtype:trojan-activity;sid:84351549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488450)"; flow:established,from_client; content:"GET"; http_method; content:"/neduckmanduk/spotify-crack-v0.23--2025-/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488450/; classtype:trojan-activity;sid:84351550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488451)"; flow:established,from_client; content:"GET"; http_method; content:"/shivkaustubh/keyword-researcher-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488451/; classtype:trojan-activity;sid:84351551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488452)"; flow:established,from_client; content:"GET"; http_method; content:"/teohhee/comfyui_preview360panorama/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488452/; classtype:trojan-activity;sid:84351552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488453)"; flow:established,from_client; content:"GET"; http_method; content:"/denys849/krnl-lua-script-injector-for-roblox-game-development/releases/download/v2.0/software.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488453/; classtype:trojan-activity;sid:84351553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488454)"; flow:established,from_client; content:"GET"; http_method; content:"/diapiffy/setup/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488454/; classtype:trojan-activity;sid:84351554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488455)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajiultimate/apex-legends-cheat-download/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488455/; classtype:trojan-activity;sid:84351555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488456)"; flow:established,from_client; content:"GET"; http_method; content:"/zidanqawy/peminjaman-buku/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488456/; classtype:trojan-activity;sid:84351556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488457)"; flow:established,from_client; content:"GET"; http_method; content:"/bader999/counter-str1ke-2-h4ck/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488457/; classtype:trojan-activity;sid:84351557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488458)"; flow:established,from_client; content:"GET"; http_method; content:"/sansiwo/zen-focus/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488458/; classtype:trojan-activity;sid:84351558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488459)"; flow:established,from_client; content:"GET"; http_method; content:"/youssef14a/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488459/; classtype:trojan-activity;sid:84351559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488461)"; flow:established,from_client; content:"GET"; http_method; content:"/zidanqawy/awesome-kde/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488461/; classtype:trojan-activity;sid:84351561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488462)"; flow:established,from_client; content:"GET"; http_method; content:"/phucclone/ctfd_carsu-ctf/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488462/; classtype:trojan-activity;sid:84351562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488437)"; flow:established,from_client; content:"GET"; http_method; content:"/vksoz/scriptware-executer/releases/download/v2.0/program.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488437/; classtype:trojan-activity;sid:84351537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488438)"; flow:established,from_client; content:"GET"; http_method; content:"/3amneoz/roblox-celery/releases/download/v2.0/program.zip/"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488438/; classtype:trojan-activity;sid:84351538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488439)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488439/; classtype:trojan-activity;sid:84351539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488440)"; flow:established,from_client; content:"GET"; http_method; content:"/lordsatanthenuker/discorduniverse/releases/download/v2.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488440/; classtype:trojan-activity;sid:84351540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488442)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488442/; classtype:trojan-activity;sid:84351542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488432)"; flow:established,from_client; content:"GET"; http_method; content:"/3amneoz/roblox-celery/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488432/; classtype:trojan-activity;sid:84351532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488434)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488434/; classtype:trojan-activity;sid:84351534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488435)"; flow:established,from_client; content:"GET"; http_method; content:"/communismbelike/delta-executor/releases/download/v2.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488435/; classtype:trojan-activity;sid:84351535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488427)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488427/; classtype:trojan-activity;sid:84351527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488428)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488428/; classtype:trojan-activity;sid:84351528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488429)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488429/; classtype:trojan-activity;sid:84351529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488430)"; flow:established,from_client; content:"GET"; http_method; content:"/bnytgamer/wondershare-drfone-download/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488430/; classtype:trojan-activity;sid:84351530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488431)"; flow:established,from_client; content:"GET"; http_method; content:"/calebtheman116/hotel_customers_sentiments/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488431/; classtype:trojan-activity;sid:84351531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488424)"; flow:established,from_client; content:"GET"; http_method; content:"/theoiscoollol/estatease.co/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488424/; classtype:trojan-activity;sid:84351524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.145.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488423/; classtype:trojan-activity;sid:84351523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.30.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488422/; classtype:trojan-activity;sid:84351522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488421/; classtype:trojan-activity;sid:84351521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488419/; classtype:trojan-activity;sid:84351519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488420/; classtype:trojan-activity;sid:84351520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488414/; classtype:trojan-activity;sid:84351514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488415/; classtype:trojan-activity;sid:84351515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.27.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488416/; classtype:trojan-activity;sid:84351516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488417/; classtype:trojan-activity;sid:84351517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.118.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488418/; classtype:trojan-activity;sid:84351518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488413)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488413/; classtype:trojan-activity;sid:84351513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488412)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488412/; classtype:trojan-activity;sid:84351512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488397)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488397/; classtype:trojan-activity;sid:84351497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488398)"; flow:established,from_client; content:"GET"; http_method; content:"/sandman2089/world-of-warcraft-autofarm-bot/releases/download/v1.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488398/; classtype:trojan-activity;sid:84351498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488399)"; flow:established,from_client; content:"GET"; http_method; content:"/anonymouscoder69/maskurl/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488399/; classtype:trojan-activity;sid:84351499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488400)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488400/; classtype:trojan-activity;sid:84351500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488401)"; flow:established,from_client; content:"GET"; http_method; content:"/oscar09284/nuxt-swal/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488401/; classtype:trojan-activity;sid:84351501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488402)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488402/; classtype:trojan-activity;sid:84351502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488404)"; flow:established,from_client; content:"GET"; http_method; content:"/stealthy8/complete-food-delivery-app/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488404/; classtype:trojan-activity;sid:84351504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.84.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488405/; classtype:trojan-activity;sid:84351505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.252.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488407/; classtype:trojan-activity;sid:84351507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488408)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488408/; classtype:trojan-activity;sid:84351508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488409)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v1.0/application.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488409/; classtype:trojan-activity;sid:84351509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488410)"; flow:established,from_client; content:"GET"; http_method; content:"/cursrrx/zero-overhead-promise-lock/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488410/; classtype:trojan-activity;sid:84351510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488411)"; flow:established,from_client; content:"GET"; http_method; content:"/hannesfht/hotel-reservation-analysis-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488411/; classtype:trojan-activity;sid:84351511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488387)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488387/; classtype:trojan-activity;sid:84351487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488388/; classtype:trojan-activity;sid:84351488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488389)"; flow:established,from_client; content:"GET"; http_method; content:"/izaquegamer/flow-operators/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488389/; classtype:trojan-activity;sid:84351489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488390)"; flow:established,from_client; content:"GET"; http_method; content:"/carior123/browser-operator/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488390/; classtype:trojan-activity;sid:84351490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488391)"; flow:established,from_client; content:"GET"; http_method; content:"/anonymouscoder69/maskurl/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488391/; classtype:trojan-activity;sid:84351491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488392)"; flow:established,from_client; content:"GET"; http_method; content:"/elfranp4/safespace/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488392/; classtype:trojan-activity;sid:84351492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488393)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488393/; classtype:trojan-activity;sid:84351493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488394)"; flow:established,from_client; content:"GET"; http_method; content:"/whitreyce3/paytasker-client/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488394/; classtype:trojan-activity;sid:84351494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488395)"; flow:established,from_client; content:"GET"; http_method; content:"/stealthy8/complete-food-delivery-app/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488395/; classtype:trojan-activity;sid:84351495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488396)"; flow:established,from_client; content:"GET"; http_method; content:"/dongskie43/nlp-engineering-hub/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488396/; classtype:trojan-activity;sid:84351496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488384/; classtype:trojan-activity;sid:84351484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488385)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488385/; classtype:trojan-activity;sid:84351485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488386)"; flow:established,from_client; content:"GET"; http_method; content:"/sudjgfajshdgajsdh/mojo-ui/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488386/; classtype:trojan-activity;sid:84351486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488381)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488381/; classtype:trojan-activity;sid:84351481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.129.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488382/; classtype:trojan-activity;sid:84351482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488383)"; flow:established,from_client; content:"GET"; http_method; content:"/edhmatinlassi/slf4j-examples/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488383/; classtype:trojan-activity;sid:84351483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488378)"; flow:established,from_client; content:"GET"; http_method; content:"/samirfd/social-media-app/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488378/; classtype:trojan-activity;sid:84351478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488379)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwin-wright/image-url-converter/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488379/; classtype:trojan-activity;sid:84351479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488380)"; flow:established,from_client; content:"GET"; http_method; content:"/vascoverde/rainfall-monitoring-system-iot/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488380/; classtype:trojan-activity;sid:84351480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488373)"; flow:established,from_client; content:"GET"; http_method; content:"/sandman2089/world-of-warcraft-autofarm-bot/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488373/; classtype:trojan-activity;sid:84351473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488374)"; flow:established,from_client; content:"GET"; http_method; content:"/lolvr69/llms-from-scratch/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488374/; classtype:trojan-activity;sid:84351474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488375/; classtype:trojan-activity;sid:84351475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488376)"; flow:established,from_client; content:"GET"; http_method; content:"/izaquegamer/flow-operators/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488376/; classtype:trojan-activity;sid:84351476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488377)"; flow:established,from_client; content:"GET"; http_method; content:"/samirfd/social-media-app/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488377/; classtype:trojan-activity;sid:84351477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488371/; classtype:trojan-activity;sid:84351471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488372)"; flow:established,from_client; content:"GET"; http_method; content:"/carior123/browser-operator/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488372/; classtype:trojan-activity;sid:84351472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.9.3.200"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488370/; classtype:trojan-activity;sid:84351470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.165.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488369/; classtype:trojan-activity;sid:84351469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488367)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488367/; classtype:trojan-activity;sid:84351467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488351)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488351/; classtype:trojan-activity;sid:84351451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488352)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488352/; classtype:trojan-activity;sid:84351452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488353)"; flow:established,from_client; content:"GET"; http_method; content:"/fnfurrcann/any-listen/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488353/; classtype:trojan-activity;sid:84351453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488354)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488354/; classtype:trojan-activity;sid:84351454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488355)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488355/; classtype:trojan-activity;sid:84351455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488356)"; flow:established,from_client; content:"GET"; http_method; content:"/helic2355/clatsworth/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488356/; classtype:trojan-activity;sid:84351456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488357)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488357/; classtype:trojan-activity;sid:84351457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488358)"; flow:established,from_client; content:"GET"; http_method; content:"/francisco5577/ffmp/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488358/; classtype:trojan-activity;sid:84351458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488361)"; flow:established,from_client; content:"GET"; http_method; content:"/joshue2006/llm-reasoner/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488361/; classtype:trojan-activity;sid:84351461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488362)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488362/; classtype:trojan-activity;sid:84351462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488363)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488363/; classtype:trojan-activity;sid:84351463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488364)"; flow:established,from_client; content:"GET"; http_method; content:"/axodoof/numeronym-generator/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488364/; classtype:trojan-activity;sid:84351464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488365)"; flow:established,from_client; content:"GET"; http_method; content:"/f60n/player-engagement-system/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488365/; classtype:trojan-activity;sid:84351465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488366)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488366/; classtype:trojan-activity;sid:84351466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488349)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488349/; classtype:trojan-activity;sid:84351449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488348)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488348/; classtype:trojan-activity;sid:84351448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488344)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedthegoat10/inklink/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488344/; classtype:trojan-activity;sid:84351444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488345)"; flow:established,from_client; content:"GET"; http_method; content:"/gembaliui/nuxt-visitors/releases/download/v1.0/installer.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488345/; classtype:trojan-activity;sid:84351445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488347)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488347/; classtype:trojan-activity;sid:84351447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488329)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488329/; classtype:trojan-activity;sid:84351429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488330)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488330/; classtype:trojan-activity;sid:84351430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488331)"; flow:established,from_client; content:"GET"; http_method; content:"/ego-creator/hepmassclassification/releases/download/v1.0/installer.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488331/; classtype:trojan-activity;sid:84351431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488332)"; flow:established,from_client; content:"GET"; http_method; content:"/weslei78b/beast-engine/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488332/; classtype:trojan-activity;sid:84351432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488333)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488333/; classtype:trojan-activity;sid:84351433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488335)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488335/; classtype:trojan-activity;sid:84351435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488337)"; flow:established,from_client; content:"GET"; http_method; content:"/quocbaovioedu/squibview/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488337/; classtype:trojan-activity;sid:84351437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488338)"; flow:established,from_client; content:"GET"; http_method; content:"/weslei78b/beast-engine/releases/download/v1.0/installer.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488338/; classtype:trojan-activity;sid:84351438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488340)"; flow:established,from_client; content:"GET"; http_method; content:"/momo-carrelagefr/deepclaude/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488340/; classtype:trojan-activity;sid:84351440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488341)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488341/; classtype:trojan-activity;sid:84351441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488342)"; flow:established,from_client; content:"GET"; http_method; content:"/gokujok/financial-expense-tracker/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488342/; classtype:trojan-activity;sid:84351442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488343)"; flow:established,from_client; content:"GET"; http_method; content:"/leaf342/liveexec32/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488343/; classtype:trojan-activity;sid:84351443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488326)"; flow:established,from_client; content:"GET"; http_method; content:"/gokujok/financial-expense-tracker/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488326/; classtype:trojan-activity;sid:84351426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488327)"; flow:established,from_client; content:"GET"; http_method; content:"/dy1365/smiles2dta-demo/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488327/; classtype:trojan-activity;sid:84351427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488328)"; flow:established,from_client; content:"GET"; http_method; content:"/momo-carrelagefr/deepclaude/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488328/; classtype:trojan-activity;sid:84351428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488323)"; flow:established,from_client; content:"GET"; http_method; content:"/darkskin508/thor/releases/download/v1.0/application.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488323/; classtype:trojan-activity;sid:84351423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488324)"; flow:established,from_client; content:"GET"; http_method; content:"/elfrijoles/navengine/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488324/; classtype:trojan-activity;sid:84351424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488320)"; flow:established,from_client; content:"GET"; http_method; content:"/nigsgehe/leakygpt/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488320/; classtype:trojan-activity;sid:84351420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488321)"; flow:established,from_client; content:"GET"; http_method; content:"/gembaliui/nuxt-visitors/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488321/; classtype:trojan-activity;sid:84351421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488322)"; flow:established,from_client; content:"GET"; http_method; content:"/juanpepep213/hummingbird-wallet/releases/download/v1.0/installer.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488322/; classtype:trojan-activity;sid:84351422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488319)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmcmm4fnzzojqblk60walfpwzmunoa63vn9lsjlx8m1z5wvzxj6psmk0aykwwemoovi0kdg2rlznkwfcdbiubxrbdppsr_lu5xqw8i4ktflkeqcapmqlnhrtsoz2evu6pjqlh8pgbwhryfr1bxeoh7ri/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc8941a3b90f9c2481f55f8f00b9.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488319/; classtype:trojan-activity;sid:84351419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488318)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ouck6s5mxghmwz57tzkzj/sm.dat|3f|rlkey=2a6qys5xgufg2ouk93or0vmcr|7c|26|7c|st=zzaqdclb|7c|26|7c|dl=1"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488318/; classtype:trojan-activity;sid:84351418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.145.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488317/; classtype:trojan-activity;sid:84351417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488316)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmckhjf_6g9nqt-zgrwst-ekf5w0uqsmrv4etq--1vjhabgfttdnj2bqkeumalocuqqsoeoepl1f6uxra6c1g5homn3wjl8hemywo4q3s4cwv9ceheg7pf5kdxfahdkeje-8eyc4qxaopq0mwv3njxgr/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"ucbd9e65613b54b31cc1cf04ff4c.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488316/; classtype:trojan-activity;sid:84351416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488315/; classtype:trojan-activity;sid:84351415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488309)"; flow:established,from_client; content:"GET"; http_method; content:"/dianfauzi16/school-project/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488309/; classtype:trojan-activity;sid:84351409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488310)"; flow:established,from_client; content:"GET"; http_method; content:"/connormc22/pure-crypter-advanced-injection-technology-64bit-32bit-anti-delete/releases/download/v2.0/software.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488310/; classtype:trojan-activity;sid:84351410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488311)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v1.0/installer.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488311/; classtype:trojan-activity;sid:84351411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488312)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488312/; classtype:trojan-activity;sid:84351412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488313)"; flow:established,from_client; content:"GET"; http_method; content:"/connormc22/pure-crypter-advanced-injection-technology-64bit-32bit-anti-delete/releases/download/v1.0/installer.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488313/; classtype:trojan-activity;sid:84351413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488305)"; flow:established,from_client; content:"GET"; http_method; content:"/duyanh2017/keyauth-imgui-example-protected/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488305/; classtype:trojan-activity;sid:84351405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488308)"; flow:established,from_client; content:"GET"; http_method; content:"/woo071002/parcel-management-system/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488308/; classtype:trojan-activity;sid:84351408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.24.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488303/; classtype:trojan-activity;sid:84351403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.30.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488302/; classtype:trojan-activity;sid:84351402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.62.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488301/; classtype:trojan-activity;sid:84351401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488300/; classtype:trojan-activity;sid:84351400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488299/; classtype:trojan-activity;sid:84351399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488298/; classtype:trojan-activity;sid:84351398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488295)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488295/; classtype:trojan-activity;sid:84351395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488296)"; flow:established,from_client; content:"GET"; http_method; content:"/attimdated/windowsdesktop3/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488296/; classtype:trojan-activity;sid:84351396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488297)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488297/; classtype:trojan-activity;sid:84351397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488285)"; flow:established,from_client; content:"GET"; http_method; content:"/idk471/dmail_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488285/; classtype:trojan-activity;sid:84351385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488286)"; flow:established,from_client; content:"GET"; http_method; content:"/dominossanime/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v1.0/release.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488286/; classtype:trojan-activity;sid:84351386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488287)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenthanhtrung86/java-all-in-native/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488287/; classtype:trojan-activity;sid:84351387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488288)"; flow:established,from_client; content:"GET"; http_method; content:"/akusayudodograu/agentic-rag-story-generation-with-multimodal-genai/releases/download/v1.0/release.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488288/; classtype:trojan-activity;sid:84351388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488289)"; flow:established,from_client; content:"GET"; http_method; content:"/attimdated/windowsdesktop3/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488289/; classtype:trojan-activity;sid:84351389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488290)"; flow:established,from_client; content:"GET"; http_method; content:"/dominossanime/asyncrat-fud-fixed-dll-remote-administration-tool-new/releases/download/v2.0/software.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488290/; classtype:trojan-activity;sid:84351390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488291)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488291/; classtype:trojan-activity;sid:84351391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488292)"; flow:established,from_client; content:"GET"; http_method; content:"/jameseeeeeeeeeee/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488292/; classtype:trojan-activity;sid:84351392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488293)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v1.0/release.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488293/; classtype:trojan-activity;sid:84351393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.39.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488265/; classtype:trojan-activity;sid:84351365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488266)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488266/; classtype:trojan-activity;sid:84351366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488267)"; flow:established,from_client; content:"GET"; http_method; content:"/agaztya/trezor-suite-official-wallet-management/releases/download/v1.0/installer.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488267/; classtype:trojan-activity;sid:84351367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488270)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488270/; classtype:trojan-activity;sid:84351370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488271)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonnic/blue-warehousing-system/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488271/; classtype:trojan-activity;sid:84351371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488272)"; flow:established,from_client; content:"GET"; http_method; content:"/devzloy/openai-vector-storage-manager/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488272/; classtype:trojan-activity;sid:84351372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488275)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488275/; classtype:trojan-activity;sid:84351375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488276)"; flow:established,from_client; content:"GET"; http_method; content:"/n0tunknown/autonics/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488276/; classtype:trojan-activity;sid:84351376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488277)"; flow:established,from_client; content:"GET"; http_method; content:"/amiine7/ffmpeg-commands/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488277/; classtype:trojan-activity;sid:84351377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488279)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudkhalid16/virtual-room-planner/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488279/; classtype:trojan-activity;sid:84351379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488280)"; flow:established,from_client; content:"GET"; http_method; content:"/amiine7/ffmpeg-commands/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488280/; classtype:trojan-activity;sid:84351380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488281)"; flow:established,from_client; content:"GET"; http_method; content:"/imthegoat123456/snu_2d_programmingtools_ide_2-dimensional-array/releases/download/v2.0/software.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488281/; classtype:trojan-activity;sid:84351381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488283)"; flow:established,from_client; content:"GET"; http_method; content:"/james14669/react-flames-calculator/releases/download/v1.0/release.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488283/; classtype:trojan-activity;sid:84351383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488284)"; flow:established,from_client; content:"GET"; http_method; content:"/devzloy/openai-vector-storage-manager/releases/download/v1.0/installer.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488284/; classtype:trojan-activity;sid:84351384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488262)"; flow:established,from_client; content:"GET"; http_method; content:"/mcflury62/zipsnipp/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488262/; classtype:trojan-activity;sid:84351362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488263)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenthanhtrung86/java-all-in-native/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488263/; classtype:trojan-activity;sid:84351363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.24.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488260/; classtype:trojan-activity;sid:84351360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.123.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488259/; classtype:trojan-activity;sid:84351359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488258)"; flow:established,from_client; content:"GET"; http_method; content:"/1sas2v1iry.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488258/; classtype:trojan-activity;sid:84351358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488257)"; flow:established,from_client; content:"GET"; http_method; content:"/oddj60.1eqd3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488257/; classtype:trojan-activity;sid:84351357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.81.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488256/; classtype:trojan-activity;sid:84351356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.201.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488255/; classtype:trojan-activity;sid:84351355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488254/; classtype:trojan-activity;sid:84351354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488253/; classtype:trojan-activity;sid:84351353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.170.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488252/; classtype:trojan-activity;sid:84351352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.169.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488251/; classtype:trojan-activity;sid:84351351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488250/; classtype:trojan-activity;sid:84351350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.90.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488249/; classtype:trojan-activity;sid:84351349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488248)"; flow:established,from_client; content:"GET"; http_method; content:"/app/y0u3d_003.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488248/; classtype:trojan-activity;sid:84351348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488246/; classtype:trojan-activity;sid:84351346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.170.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488247/; classtype:trojan-activity;sid:84351347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488241)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488241/; classtype:trojan-activity;sid:84351341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488242)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488242/; classtype:trojan-activity;sid:84351342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488244)"; flow:established,from_client; content:"GET"; http_method; content:"/hermogenesjr/qeats/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488244/; classtype:trojan-activity;sid:84351344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488245)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488245/; classtype:trojan-activity;sid:84351345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488232)"; flow:established,from_client; content:"GET"; http_method; content:"/wompwomp12321/jjsploit/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488232/; classtype:trojan-activity;sid:84351332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488235)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito090/pingrabber/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488235/; classtype:trojan-activity;sid:84351335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488236)"; flow:established,from_client; content:"GET"; http_method; content:"/moatazgt3/email2_classicemail_docs/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488236/; classtype:trojan-activity;sid:84351336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488237)"; flow:established,from_client; content:"GET"; http_method; content:"/wompwomp12321/jjsploit/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488237/; classtype:trojan-activity;sid:84351337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488238)"; flow:established,from_client; content:"GET"; http_method; content:"/champtamutami/deepseek-azure-javascript/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488238/; classtype:trojan-activity;sid:84351338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.140.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488240/; classtype:trojan-activity;sid:84351340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.180.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488231/; classtype:trojan-activity;sid:84351331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488229)"; flow:established,from_client; content:"GET"; http_method; content:"/rieeeerieeee/understanding-react/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488229/; classtype:trojan-activity;sid:84351329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488230)"; flow:established,from_client; content:"GET"; http_method; content:"/frosty-goat/despeedbot/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488230/; classtype:trojan-activity;sid:84351330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.59.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488228/; classtype:trojan-activity;sid:84351328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488227)"; flow:established,from_client; content:"GET"; http_method; content:"/ls/hard.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"147.45.44.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488227/; classtype:trojan-activity;sid:84351327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488225/; classtype:trojan-activity;sid:84351325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.208.170.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488226/; classtype:trojan-activity;sid:84351326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.68.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488224/; classtype:trojan-activity;sid:84351324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488217)"; flow:established,from_client; content:"GET"; http_method; content:"/host/originnewwww.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488217/; classtype:trojan-activity;sid:84351317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488218)"; flow:established,from_client; content:"GET"; http_method; content:"/host/stephh.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488218/; classtype:trojan-activity;sid:84351318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488219)"; flow:established,from_client; content:"GET"; http_method; content:"/host/kent.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488219/; classtype:trojan-activity;sid:84351319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488220)"; flow:established,from_client; content:"GET"; http_method; content:"/host/steph.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488220/; classtype:trojan-activity;sid:84351320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488221)"; flow:established,from_client; content:"GET"; http_method; content:"/host/devil.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488221/; classtype:trojan-activity;sid:84351321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488222)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/xenbuild.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488222/; classtype:trojan-activity;sid:84351322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488223)"; flow:established,from_client; content:"GET"; http_method; content:"/host/kent.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488223/; classtype:trojan-activity;sid:84351323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.201.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488216/; classtype:trojan-activity;sid:84351316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488215/; classtype:trojan-activity;sid:84351315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488207)"; flow:established,from_client; content:"GET"; http_method; content:"/egejuniyors/parvanota/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488207/; classtype:trojan-activity;sid:84351307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488212)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488212/; classtype:trojan-activity;sid:84351312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.36.155.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488205/; classtype:trojan-activity;sid:84351305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488206)"; flow:established,from_client; content:"GET"; http_method; content:"/damaonly/android-worker/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488206/; classtype:trojan-activity;sid:84351306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488204)"; flow:established,from_client; content:"GET"; http_method; content:"/jentao1234/guiamestre.js/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488204/; classtype:trojan-activity;sid:84351304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488202)"; flow:established,from_client; content:"GET"; http_method; content:"/3d2d2e33-0f37-484c-8992-98d5d40799e0/aotbst.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cdn.glitch.global"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488202/; classtype:trojan-activity;sid:84351302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488201)"; flow:established,from_client; content:"GET"; http_method; content:"/189/milkgd/milk/verygoodmilkgivebestmilkevergivenreturnbackwith_____verygoodmilkgivebestmilkevergivenreturnbackwith_______verygoodmilkgivebestmilkevergivenreturnbackwith.doc"; http_uri; depth:174; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488201/; classtype:trojan-activity;sid:84351301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488199)"; flow:established,from_client; content:"GET"; http_method; content:"/910/nicworkingskillbetterwithnicetechnology.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"104.168.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488199/; classtype:trojan-activity;sid:84351299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488200)"; flow:established,from_client; content:"GET"; http_method; content:"/d/fbdzn5ru/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488200/; classtype:trojan-activity;sid:84351300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488198/; classtype:trojan-activity;sid:84351298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.107.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488197/; classtype:trojan-activity;sid:84351297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.81.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488196/; classtype:trojan-activity;sid:84351296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.140.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488195/; classtype:trojan-activity;sid:84351295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488194/; classtype:trojan-activity;sid:84351294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.101.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488193/; classtype:trojan-activity;sid:84351293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.59.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488192/; classtype:trojan-activity;sid:84351292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488183)"; flow:established,from_client; content:"GET"; http_method; content:"/abhinavchetla/seedgn/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488183/; classtype:trojan-activity;sid:84351283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488187)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488187/; classtype:trojan-activity;sid:84351287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488188)"; flow:established,from_client; content:"GET"; http_method; content:"/fatai-mateen/shadowtool/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488188/; classtype:trojan-activity;sid:84351288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488189)"; flow:established,from_client; content:"GET"; http_method; content:"/vrus67/crystaltool/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488189/; classtype:trojan-activity;sid:84351289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488190)"; flow:established,from_client; content:"GET"; http_method; content:"/vrus67/crystaltool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488190/; classtype:trojan-activity;sid:84351290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488191)"; flow:established,from_client; content:"GET"; http_method; content:"/abhinavchetla/seedgn/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488191/; classtype:trojan-activity;sid:84351291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488178)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488178/; classtype:trojan-activity;sid:84351278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488179)"; flow:established,from_client; content:"GET"; http_method; content:"/mantokarev/silencegen/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488179/; classtype:trojan-activity;sid:84351279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488180)"; flow:established,from_client; content:"GET"; http_method; content:"/jusjus-m/map/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488180/; classtype:trojan-activity;sid:84351280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488177/; classtype:trojan-activity;sid:84351277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488176/; classtype:trojan-activity;sid:84351276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488175/; classtype:trojan-activity;sid:84351275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.169.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488174/; classtype:trojan-activity;sid:84351274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488172)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2043702969/jq0hgdz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488172/; classtype:trojan-activity;sid:84351272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6684167363/rbunknd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488173/; classtype:trojan-activity;sid:84351273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488171/; classtype:trojan-activity;sid:84351271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488169/; classtype:trojan-activity;sid:84351269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488170/; classtype:trojan-activity;sid:84351270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.137.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488168/; classtype:trojan-activity;sid:84351268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488167)"; flow:established,from_client; content:"GET"; http_method; content:"/hpj65kucbb.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488167/; classtype:trojan-activity;sid:84351267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.132.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488166/; classtype:trojan-activity;sid:84351266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.208.170.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488165/; classtype:trojan-activity;sid:84351265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.22.12.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488164/; classtype:trojan-activity;sid:84351264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.107.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488163/; classtype:trojan-activity;sid:84351263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488160)"; flow:established,from_client; content:"GET"; http_method; content:"/waleeddevel/driver-booster-pro-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488160/; classtype:trojan-activity;sid:84351260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488161)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488161/; classtype:trojan-activity;sid:84351261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488159/; classtype:trojan-activity;sid:84351259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488158)"; flow:established,from_client; content:"GET"; http_method; content:"/athul132/pump-fun-backend/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488158/; classtype:trojan-activity;sid:84351258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488154)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488154/; classtype:trojan-activity;sid:84351254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488155)"; flow:established,from_client; content:"GET"; http_method; content:"/athul132/pump-fun-backend/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488155/; classtype:trojan-activity;sid:84351255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488149)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488149/; classtype:trojan-activity;sid:84351249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488150)"; flow:established,from_client; content:"GET"; http_method; content:"/anonnimo/nitropage/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488150/; classtype:trojan-activity;sid:84351250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488151)"; flow:established,from_client; content:"GET"; http_method; content:"/aksoo7/solbf/releases/download/v2.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488151/; classtype:trojan-activity;sid:84351251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488145/; classtype:trojan-activity;sid:84351245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.56.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488143/; classtype:trojan-activity;sid:84351243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.132.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488144/; classtype:trojan-activity;sid:84351244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.101.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488142/; classtype:trojan-activity;sid:84351242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.23.10.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488141/; classtype:trojan-activity;sid:84351241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.233.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488140/; classtype:trojan-activity;sid:84351240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.121.69.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488139/; classtype:trojan-activity;sid:84351239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488138/; classtype:trojan-activity;sid:84351238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.253.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488137/; classtype:trojan-activity;sid:84351237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488136/; classtype:trojan-activity;sid:84351236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488135/; classtype:trojan-activity;sid:84351235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488129)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488129/; classtype:trojan-activity;sid:84351229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488130)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488130/; classtype:trojan-activity;sid:84351230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488133)"; flow:established,from_client; content:"GET"; http_method; content:"/patacalida/churn-prediction/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488133/; classtype:trojan-activity;sid:84351233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488134)"; flow:established,from_client; content:"GET"; http_method; content:"/iguit-1/instagramuseranalysis/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488134/; classtype:trojan-activity;sid:84351234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488126)"; flow:established,from_client; content:"GET"; http_method; content:"/tim2010990106/catalogue-of-languages/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488126/; classtype:trojan-activity;sid:84351226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488127)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488127/; classtype:trojan-activity;sid:84351227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488123)"; flow:established,from_client; content:"GET"; http_method; content:"/ariel-pachec0/seeyoohk.github.io/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488123/; classtype:trojan-activity;sid:84351223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488124)"; flow:established,from_client; content:"GET"; http_method; content:"/miyajianimation/spam-filter/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488124/; classtype:trojan-activity;sid:84351224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488122/; classtype:trojan-activity;sid:84351222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.6.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488121/; classtype:trojan-activity;sid:84351221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.23.10.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488120/; classtype:trojan-activity;sid:84351220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.132.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488119/; classtype:trojan-activity;sid:84351219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.199.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488118/; classtype:trojan-activity;sid:84351218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488117/; classtype:trojan-activity;sid:84351217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.234.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488116/; classtype:trojan-activity;sid:84351216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488115/; classtype:trojan-activity;sid:84351215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488114)"; flow:established,from_client; content:"GET"; http_method; content:"/lleonex/marsdevx/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488114/; classtype:trojan-activity;sid:84351214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488113)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488113/; classtype:trojan-activity;sid:84351213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488104)"; flow:established,from_client; content:"GET"; http_method; content:"/irifjfjfj/universal-hwid-spoofer/releases/download/v2.2.0/release.v2.2.0.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488104/; classtype:trojan-activity;sid:84351204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488105)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488105/; classtype:trojan-activity;sid:84351205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488106)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488106/; classtype:trojan-activity;sid:84351206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488107)"; flow:established,from_client; content:"GET"; http_method; content:"/onikyoge/words-on-stream-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488107/; classtype:trojan-activity;sid:84351207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488108)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488108/; classtype:trojan-activity;sid:84351208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488109)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488109/; classtype:trojan-activity;sid:84351209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488110)"; flow:established,from_client; content:"GET"; http_method; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488111)"; flow:established,from_client; content:"GET"; http_method; content:"/sinelli/a2.games/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488111/; classtype:trojan-activity;sid:84351211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488112)"; flow:established,from_client; content:"GET"; http_method; content:"/suprithakv02/buildfair/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488112/; classtype:trojan-activity;sid:84351212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488095)"; flow:established,from_client; content:"GET"; http_method; content:"/arthurvill/laravel-todos-list-2019/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488095/; classtype:trojan-activity;sid:84351195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488096)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr-web-cloud/localprompt/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488096/; classtype:trojan-activity;sid:84351196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488097)"; flow:established,from_client; content:"GET"; http_method; content:"/chethanks2005/visionuav-navigation/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488097/; classtype:trojan-activity;sid:84351197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488099)"; flow:established,from_client; content:"GET"; http_method; content:"/hackedbysushi/local_deep_seek/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488099/; classtype:trojan-activity;sid:84351199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488101)"; flow:established,from_client; content:"GET"; http_method; content:"/dkpetrov/agent-flux/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488101/; classtype:trojan-activity;sid:84351201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488089)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488089/; classtype:trojan-activity;sid:84351189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488090)"; flow:established,from_client; content:"GET"; http_method; content:"/maxiazzinnari/mint-nft-on-sui/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488090/; classtype:trojan-activity;sid:84351190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488091)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsankhan55/send-form-email/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488091/; classtype:trojan-activity;sid:84351191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488092)"; flow:established,from_client; content:"GET"; http_method; content:"/faheem6969/citrix-workspace-software/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488092/; classtype:trojan-activity;sid:84351192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488093)"; flow:established,from_client; content:"GET"; http_method; content:"/erick265/telegramchatorganizer/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488093/; classtype:trojan-activity;sid:84351193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488094)"; flow:established,from_client; content:"GET"; http_method; content:"/araakun/19-splash-screen-for-swiftui/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488094/; classtype:trojan-activity;sid:84351194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488077)"; flow:established,from_client; content:"GET"; http_method; content:"/gilangmlnt/todo-list-react/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488077/; classtype:trojan-activity;sid:84351177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488078)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488078/; classtype:trojan-activity;sid:84351178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488080)"; flow:established,from_client; content:"GET"; http_method; content:"/fadoulsaboune/amazon-power-bi-dashboard/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488080/; classtype:trojan-activity;sid:84351180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488081)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488081/; classtype:trojan-activity;sid:84351181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488082)"; flow:established,from_client; content:"GET"; http_method; content:"/thehitter98709/gitkot/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488082/; classtype:trojan-activity;sid:84351182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488083)"; flow:established,from_client; content:"GET"; http_method; content:"/moshe236/vanishmail/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488083/; classtype:trojan-activity;sid:84351183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488084)"; flow:established,from_client; content:"GET"; http_method; content:"/awskhahaha/a/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488084/; classtype:trojan-activity;sid:84351184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488086)"; flow:established,from_client; content:"GET"; http_method; content:"/marinjen/sony-vegas-2024/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488086/; classtype:trojan-activity;sid:84351186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488087)"; flow:established,from_client; content:"GET"; http_method; content:"/vickorkumar/666/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488087/; classtype:trojan-activity;sid:84351187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488088)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/cloudflare-dns-swarm/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488088/; classtype:trojan-activity;sid:84351188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488073)"; flow:established,from_client; content:"GET"; http_method; content:"/frogmen123/saas-billing-tracker/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488073/; classtype:trojan-activity;sid:84351173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488074)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488074/; classtype:trojan-activity;sid:84351174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488076)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488076/; classtype:trojan-activity;sid:84351176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488069)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488069/; classtype:trojan-activity;sid:84351169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488070)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488070/; classtype:trojan-activity;sid:84351170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488071)"; flow:established,from_client; content:"GET"; http_method; content:"/nusicinmind.mp3"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ziudan.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488071/; classtype:trojan-activity;sid:84351171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488072)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488072/; classtype:trojan-activity;sid:84351172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488066)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488066/; classtype:trojan-activity;sid:84351166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488067)"; flow:established,from_client; content:"GET"; http_method; content:"/sudi008/mocha-job-portal-frontend/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488067/; classtype:trojan-activity;sid:84351167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488068)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488068/; classtype:trojan-activity;sid:84351168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488064)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488064/; classtype:trojan-activity;sid:84351164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488065)"; flow:established,from_client; content:"GET"; http_method; content:"/nirvash27/doctor-dok/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488065/; classtype:trojan-activity;sid:84351165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488062)"; flow:established,from_client; content:"GET"; http_method; content:"/afthab21/movieapp/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488062/; classtype:trojan-activity;sid:84351162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488063)"; flow:established,from_client; content:"GET"; http_method; content:"/output.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"discords.bz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488063/; classtype:trojan-activity;sid:84351163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488059)"; flow:established,from_client; content:"GET"; http_method; content:"/btl-ltw/back-end/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488059/; classtype:trojan-activity;sid:84351159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488060)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488060/; classtype:trojan-activity;sid:84351160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; content:"GET"; http_method; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488055)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488055/; classtype:trojan-activity;sid:84351155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488056)"; flow:established,from_client; content:"GET"; http_method; content:"/smj3300fn/fff/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488056/; classtype:trojan-activity;sid:84351156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488058)"; flow:established,from_client; content:"GET"; http_method; content:"/aashishpatil2001/coffee_causality/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488058/; classtype:trojan-activity;sid:84351158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488036)"; flow:established,from_client; content:"GET"; http_method; content:"/nodiq/tempmail/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488036/; classtype:trojan-activity;sid:84351136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488037)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488037/; classtype:trojan-activity;sid:84351137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488038)"; flow:established,from_client; content:"GET"; http_method; content:"/jamjam1234927/eth-mev-bot/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488038/; classtype:trojan-activity;sid:84351138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488039)"; flow:established,from_client; content:"GET"; http_method; content:"/vipshiva/sss/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488039/; classtype:trojan-activity;sid:84351139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488040)"; flow:established,from_client; content:"GET"; http_method; content:"/halla2023/infernovm.net/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488040/; classtype:trojan-activity;sid:84351140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488041)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488041/; classtype:trojan-activity;sid:84351141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488042)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488042/; classtype:trojan-activity;sid:84351142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488043)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488043/; classtype:trojan-activity;sid:84351143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488044)"; flow:established,from_client; content:"GET"; http_method; content:"/klhaus24/android-x64_livecd_13b_docs/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488044/; classtype:trojan-activity;sid:84351144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488045)"; flow:established,from_client; content:"GET"; http_method; content:"/narrr16/pihole-ausnews/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488045/; classtype:trojan-activity;sid:84351145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488046)"; flow:established,from_client; content:"GET"; http_method; content:"/keitaro000/oliver-3/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488046/; classtype:trojan-activity;sid:84351146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488047)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488047/; classtype:trojan-activity;sid:84351147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488048)"; flow:established,from_client; content:"GET"; http_method; content:"/treyskz/burstsms/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488048/; classtype:trojan-activity;sid:84351148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488049)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488049/; classtype:trojan-activity;sid:84351149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488050)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488050/; classtype:trojan-activity;sid:84351150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488051)"; flow:established,from_client; content:"GET"; http_method; content:"/roduz-dev/selfhost-dl/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488051/; classtype:trojan-activity;sid:84351151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488052)"; flow:established,from_client; content:"GET"; http_method; content:"/chrlzjanem/laravel-py/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488052/; classtype:trojan-activity;sid:84351152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488053)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anti.linkpc.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488053/; classtype:trojan-activity;sid:84351153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488024)"; flow:established,from_client; content:"GET"; http_method; content:"/rila111/content2map/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488024/; classtype:trojan-activity;sid:84351124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488025)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa786-creator/pic-squeeze/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488025/; classtype:trojan-activity;sid:84351125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488026)"; flow:established,from_client; content:"GET"; http_method; content:"/lalovargas69/pixel-gun-3d-pc-cheats/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488026/; classtype:trojan-activity;sid:84351126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488027)"; flow:established,from_client; content:"GET"; http_method; content:"/ashwani15upadhyay/mandragora/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488027/; classtype:trojan-activity;sid:84351127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488028)"; flow:established,from_client; content:"GET"; http_method; content:"/sudhanshu182004/ml-from-scratch/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488028/; classtype:trojan-activity;sid:84351128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488029)"; flow:established,from_client; content:"GET"; http_method; content:"/confidencemedia/switch-timeframes-keys/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488029/; classtype:trojan-activity;sid:84351129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488030)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcaptain27/lianjiascraper/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488030/; classtype:trojan-activity;sid:84351130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488031)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrocosta1134/dwellio/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488031/; classtype:trojan-activity;sid:84351131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488032)"; flow:established,from_client; content:"GET"; http_method; content:"/arthurvill/todolist/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488032/; classtype:trojan-activity;sid:84351132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488033)"; flow:established,from_client; content:"GET"; http_method; content:"/platha19vsb/dcf-valuation/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488033/; classtype:trojan-activity;sid:84351133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488022)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.77.246.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488022/; classtype:trojan-activity;sid:84351122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488020)"; flow:established,from_client; content:"GET"; http_method; content:"/luigi112299/zana-client/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488020/; classtype:trojan-activity;sid:84351120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488010)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488010/; classtype:trojan-activity;sid:84351110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488011)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488011/; classtype:trojan-activity;sid:84351111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488012)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488012/; classtype:trojan-activity;sid:84351112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488013)"; flow:established,from_client; content:"GET"; http_method; content:"/saged-19/deeper-seeker/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488013/; classtype:trojan-activity;sid:84351113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488014)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488014/; classtype:trojan-activity;sid:84351114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488015)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v1.0/app.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488015/; classtype:trojan-activity;sid:84351115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488016)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488016/; classtype:trojan-activity;sid:84351116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488017)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488017/; classtype:trojan-activity;sid:84351117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488018)"; flow:established,from_client; content:"GET"; http_method; content:"/perish76b/ratter-app/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488018/; classtype:trojan-activity;sid:84351118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488019)"; flow:established,from_client; content:"GET"; http_method; content:"/heru2212/files-sorter/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488019/; classtype:trojan-activity;sid:84351119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488008)"; flow:established,from_client; content:"GET"; http_method; content:"/manangoyal-coder/dosint/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488008/; classtype:trojan-activity;sid:84351108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488009)"; flow:established,from_client; content:"GET"; http_method; content:"/murodsb/bool-automation-script/releases/download/v1.0/app.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488009/; classtype:trojan-activity;sid:84351109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488006)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488006/; classtype:trojan-activity;sid:84351106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488007)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488007/; classtype:trojan-activity;sid:84351107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488004)"; flow:established,from_client; content:"GET"; http_method; content:"/kaasman123/pgalp.github.io/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488004/; classtype:trojan-activity;sid:84351104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488005)"; flow:established,from_client; content:"GET"; http_method; content:"/vo6p/caesarjaw/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488005/; classtype:trojan-activity;sid:84351105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487999)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v1.0/app.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487999/; classtype:trojan-activity;sid:84351099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488001)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488001/; classtype:trojan-activity;sid:84351101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488002)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenyy/prestigepreview_python_docs/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488002/; classtype:trojan-activity;sid:84351102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488003)"; flow:established,from_client; content:"GET"; http_method; content:"/miniskizo/glasswire-elite-free/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488003/; classtype:trojan-activity;sid:84351103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487998)"; flow:established,from_client; content:"GET"; http_method; content:"/vo6p/caesarjaw/releases/download/v1.0/app.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487998/; classtype:trojan-activity;sid:84351098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487995)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487995/; classtype:trojan-activity;sid:84351095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487996)"; flow:established,from_client; content:"GET"; http_method; content:"/afjhr/iexplorer-free/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487996/; classtype:trojan-activity;sid:84351096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487997)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowmask0/remix-app/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487997/; classtype:trojan-activity;sid:84351097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487993)"; flow:established,from_client; content:"GET"; http_method; content:"/rcacaca/desktop-os/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487993/; classtype:trojan-activity;sid:84351093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487994)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487994/; classtype:trojan-activity;sid:84351094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487992)"; flow:established,from_client; content:"GET"; http_method; content:"/saged-19/deeper-seeker/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487992/; classtype:trojan-activity;sid:84351092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487991)"; flow:established,from_client; content:"GET"; http_method; content:"/brianreon/chaplin/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487991/; classtype:trojan-activity;sid:84351091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487990)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487990/; classtype:trojan-activity;sid:84351090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487988)"; flow:established,from_client; content:"GET"; http_method; content:"/totia092/adobe-acrobat-pro-2025-latest/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487988/; classtype:trojan-activity;sid:84351088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487989)"; flow:established,from_client; content:"GET"; http_method; content:"/dagchsgame/microsoft-md-102-dumps-pdf/releases/download/v1.0/app.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487989/; classtype:trojan-activity;sid:84351089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487981)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487981/; classtype:trojan-activity;sid:84351081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487982)"; flow:established,from_client; content:"GET"; http_method; content:"/riusni/zipship-parcel-management-client/releases/download/v1.0/app.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487982/; classtype:trojan-activity;sid:84351082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487984)"; flow:established,from_client; content:"GET"; http_method; content:"/cedrickly/master-s-research-project/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487984/; classtype:trojan-activity;sid:84351084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487985)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487985/; classtype:trojan-activity;sid:84351085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487986)"; flow:established,from_client; content:"GET"; http_method; content:"/biggobble46/freeddit/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487986/; classtype:trojan-activity;sid:84351086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487987)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487987/; classtype:trojan-activity;sid:84351087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487979)"; flow:established,from_client; content:"GET"; http_method; content:"/lochielochie/open-deep-research/releases/download/v1.0/app.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487979/; classtype:trojan-activity;sid:84351079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487980)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487980/; classtype:trojan-activity;sid:84351080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487976)"; flow:established,from_client; content:"GET"; http_method; content:"/finmvp/trading-platform/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487976/; classtype:trojan-activity;sid:84351076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487978)"; flow:established,from_client; content:"GET"; http_method; content:"/tukiiq9/assertive/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487978/; classtype:trojan-activity;sid:84351078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487971)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulbasii/spectra/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487971/; classtype:trojan-activity;sid:84351071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487972)"; flow:established,from_client; content:"GET"; http_method; content:"/dedywahyudi1/minesweeper/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487972/; classtype:trojan-activity;sid:84351072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487973)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulbasii/spectra/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487973/; classtype:trojan-activity;sid:84351073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487965)"; flow:established,from_client; content:"GET"; http_method; content:"/nemanjas1213/blitzssh/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487965/; classtype:trojan-activity;sid:84351065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487966)"; flow:established,from_client; content:"GET"; http_method; content:"/subhankarpramanik/drfone-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487966/; classtype:trojan-activity;sid:84351066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487967)"; flow:established,from_client; content:"GET"; http_method; content:"/nemanjas1213/blitzssh/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487967/; classtype:trojan-activity;sid:84351067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487968)"; flow:established,from_client; content:"GET"; http_method; content:"/lazarot/operatornext/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487968/; classtype:trojan-activity;sid:84351068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487969)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v1.0/app.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487969/; classtype:trojan-activity;sid:84351069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487970)"; flow:established,from_client; content:"GET"; http_method; content:"/finmvp/trading-platform/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487970/; classtype:trojan-activity;sid:84351070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487963)"; flow:established,from_client; content:"GET"; http_method; content:"/brianreon/chaplin/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487963/; classtype:trojan-activity;sid:84351063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487964)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487964/; classtype:trojan-activity;sid:84351064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487957)"; flow:established,from_client; content:"GET"; http_method; content:"/lazarot/operatornext/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487957/; classtype:trojan-activity;sid:84351057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487958)"; flow:established,from_client; content:"GET"; http_method; content:"/123450-cloud/bestcodes.dev/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487958/; classtype:trojan-activity;sid:84351058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487959)"; flow:established,from_client; content:"GET"; http_method; content:"/lautarigauna/eviltwin-esp8622/releases/download/v1.0/app.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487959/; classtype:trojan-activity;sid:84351059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487960)"; flow:established,from_client; content:"GET"; http_method; content:"/miniskizo/glasswire-elite-free/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487960/; classtype:trojan-activity;sid:84351060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487961)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487961/; classtype:trojan-activity;sid:84351061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487962)"; flow:established,from_client; content:"GET"; http_method; content:"/vjgara/vuescan-pro-free/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487962/; classtype:trojan-activity;sid:84351062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487946)"; flow:established,from_client; content:"GET"; http_method; content:"/lautarigauna/eviltwin-esp8622/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487946/; classtype:trojan-activity;sid:84351046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487948)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487948/; classtype:trojan-activity;sid:84351048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487949)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487949/; classtype:trojan-activity;sid:84351049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487951)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487951/; classtype:trojan-activity;sid:84351051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487943)"; flow:established,from_client; content:"GET"; http_method; content:"/okijuinhbugvygbuhi/concept/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487943/; classtype:trojan-activity;sid:84351043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487945)"; flow:established,from_client; content:"GET"; http_method; content:"/rizki7680/auto-gmtsar-setup/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487945/; classtype:trojan-activity;sid:84351045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487941)"; flow:established,from_client; content:"GET"; http_method; content:"/hotdogcookie20/yingyanai/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487941/; classtype:trojan-activity;sid:84351041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487942)"; flow:established,from_client; content:"GET"; http_method; content:"/dagchsgame/microsoft-md-102-dumps-pdf/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487942/; classtype:trojan-activity;sid:84351042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487940)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487940/; classtype:trojan-activity;sid:84351040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487936)"; flow:established,from_client; content:"GET"; http_method; content:"/rcacaca/desktop-os/releases/download/v1.0/app.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487936/; classtype:trojan-activity;sid:84351036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487937/; classtype:trojan-activity;sid:84351037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487938)"; flow:established,from_client; content:"GET"; http_method; content:"/namensenn/coding-practice-32-car/releases/download/v1.0/app.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487938/; classtype:trojan-activity;sid:84351038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487933)"; flow:established,from_client; content:"GET"; http_method; content:"/mejicool/casino-scripts.com-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487933/; classtype:trojan-activity;sid:84351033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487934)"; flow:established,from_client; content:"GET"; http_method; content:"/ethanpoo/babyblog/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487934/; classtype:trojan-activity;sid:84351034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487932)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodbag/prestigepreview_webgl_docs/releases/download/v1.0/app.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487932/; classtype:trojan-activity;sid:84351032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487927)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487927/; classtype:trojan-activity;sid:84351027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487928)"; flow:established,from_client; content:"GET"; http_method; content:"/kaasman123/pgalp.github.io/releases/download/v1.0/app.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487928/; classtype:trojan-activity;sid:84351028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487925)"; flow:established,from_client; content:"GET"; http_method; content:"/suryaimelandabp/tm1637_pico/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487925/; classtype:trojan-activity;sid:84351025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487926)"; flow:established,from_client; content:"GET"; http_method; content:"/jw0902/mediassist/releases/download/v1.0/app.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487926/; classtype:trojan-activity;sid:84351026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487924)"; flow:established,from_client; content:"GET"; http_method; content:"/ttoyi/basic-web-auth/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487924/; classtype:trojan-activity;sid:84351024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487923)"; flow:established,from_client; content:"GET"; http_method; content:"/raiokkj/avs-audio-converter-free/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487923/; classtype:trojan-activity;sid:84351023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487917)"; flow:established,from_client; content:"GET"; http_method; content:"/kayden2024/aida64-extreme-free/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487917/; classtype:trojan-activity;sid:84351017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487919)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487919/; classtype:trojan-activity;sid:84351019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487922)"; flow:established,from_client; content:"GET"; http_method; content:"/huyko67/chatbot-whatsapp/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487922/; classtype:trojan-activity;sid:84351022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487915)"; flow:established,from_client; content:"GET"; http_method; content:"/abyss675/alfaromeogiulia_dashboardinfo_esp32-s3/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487915/; classtype:trojan-activity;sid:84351015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487912)"; flow:established,from_client; content:"GET"; http_method; content:"/envility/pic18f56q24-cnano-8bit-mdfu-solution-mplab-mcc/releases/download/v2.0/software.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487912/; classtype:trojan-activity;sid:84351012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487913)"; flow:established,from_client; content:"GET"; http_method; content:"/kayden2024/aida64-extreme-free/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487913/; classtype:trojan-activity;sid:84351013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487914)"; flow:established,from_client; content:"GET"; http_method; content:"/ydpox/snu_2d_programmingtools_ide_alpine-abuild/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487914/; classtype:trojan-activity;sid:84351014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487907)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487907/; classtype:trojan-activity;sid:84351007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487908)"; flow:established,from_client; content:"GET"; http_method; content:"/m2iq1/sendfakebtc/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487908/; classtype:trojan-activity;sid:84351008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487910)"; flow:established,from_client; content:"GET"; http_method; content:"/maxt5n/deepseek-model-finetune-inference-platform/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487910/; classtype:trojan-activity;sid:84351010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487911)"; flow:established,from_client; content:"GET"; http_method; content:"/kareemdaher772/weather-app/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487911/; classtype:trojan-activity;sid:84351011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487903)"; flow:established,from_client; content:"GET"; http_method; content:"/abyss675/alfaromeogiulia_dashboardinfo_esp32-s3/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487903/; classtype:trojan-activity;sid:84351003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487904/; classtype:trojan-activity;sid:84351004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487906)"; flow:established,from_client; content:"GET"; http_method; content:"/almighty101/apex-legends-external-cheat-hack-trigger-glow-aimbot-skin-more-hwid-spoofer/releases/download/reticulum/apex-legends-external-cheat-hack-trigger-glow-aimbot-skin-more-hwid-spoofer-reticulum.zip"; http_uri; depth:206; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487906/; classtype:trojan-activity;sid:84351006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487901)"; flow:established,from_client; content:"GET"; http_method; content:"/huyko67/chatbot-whatsapp/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487901/; classtype:trojan-activity;sid:84351001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487900)"; flow:established,from_client; content:"GET"; http_method; content:"/santoshbhajantri123/solana-pump.fun-smart-contract/releases/download/v2.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487900/; classtype:trojan-activity;sid:84351000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.199.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487899/; classtype:trojan-activity;sid:84350999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487898)"; flow:established,from_client; content:"GET"; http_method; content:"/quibejll51.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487898/; classtype:trojan-activity;sid:84350998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc.fkunigr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487896/; classtype:trojan-activity;sid:84350996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4.fkunigr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487897/; classtype:trojan-activity;sid:84350997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k.fkunigr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487895/; classtype:trojan-activity;sid:84350995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5.fkunigr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487894/; classtype:trojan-activity;sid:84350994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.6.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487887/; classtype:trojan-activity;sid:84350987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487888)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7.fkunigr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487888/; classtype:trojan-activity;sid:84350988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips.fkunigr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487889/; classtype:trojan-activity;sid:84350989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86.fkunigr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487890/; classtype:trojan-activity;sid:84350990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6.fkunigr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487891/; classtype:trojan-activity;sid:84350991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl.fkunigr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487892/; classtype:trojan-activity;sid:84350992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.fkunigr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487893/; classtype:trojan-activity;sid:84350993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487886/; classtype:trojan-activity;sid:84350986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487885/; classtype:trojan-activity;sid:84350985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.101.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487884/; classtype:trojan-activity;sid:84350984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487881/; classtype:trojan-activity;sid:84350981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.160.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487882/; classtype:trojan-activity;sid:84350982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487883/; classtype:trojan-activity;sid:84350983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487880/; classtype:trojan-activity;sid:84350980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487879/; classtype:trojan-activity;sid:84350979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.240.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487878/; classtype:trojan-activity;sid:84350978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.78.253.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487877/; classtype:trojan-activity;sid:84350977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.69.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487875/; classtype:trojan-activity;sid:84350975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487876/; classtype:trojan-activity;sid:84350976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.105.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487874/; classtype:trojan-activity;sid:84350974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.94.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487873/; classtype:trojan-activity;sid:84350973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487872/; classtype:trojan-activity;sid:84350972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.225.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487871/; classtype:trojan-activity;sid:84350971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487870/; classtype:trojan-activity;sid:84350970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.116.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487869/; classtype:trojan-activity;sid:84350969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.82.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487868/; classtype:trojan-activity;sid:84350968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.185.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487867/; classtype:trojan-activity;sid:84350967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.243.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487866/; classtype:trojan-activity;sid:84350966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487865/; classtype:trojan-activity;sid:84350965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487864/; classtype:trojan-activity;sid:84350964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.108.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487863/; classtype:trojan-activity;sid:84350963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487862/; classtype:trojan-activity;sid:84350962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487861/; classtype:trojan-activity;sid:84350961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.193.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487860/; classtype:trojan-activity;sid:84350960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.94.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487859/; classtype:trojan-activity;sid:84350959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.116.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487858/; classtype:trojan-activity;sid:84350958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.60.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487857/; classtype:trojan-activity;sid:84350957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.225.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487856/; classtype:trojan-activity;sid:84350956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.56.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487855/; classtype:trojan-activity;sid:84350955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487854/; classtype:trojan-activity;sid:84350954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.108.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487853/; classtype:trojan-activity;sid:84350953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487852/; classtype:trojan-activity;sid:84350952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.52.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487851/; classtype:trojan-activity;sid:84350951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.239.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487850/; classtype:trojan-activity;sid:84350950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487849)"; flow:established,from_client; content:"GET"; http_method; content:"/94bcss1mnc.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487849/; classtype:trojan-activity;sid:84350949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.224.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487848/; classtype:trojan-activity;sid:84350948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487847/; classtype:trojan-activity;sid:84350947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487846)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487846/; classtype:trojan-activity;sid:84350946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.60.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487845/; classtype:trojan-activity;sid:84350945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487842/; classtype:trojan-activity;sid:84350942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487843/; classtype:trojan-activity;sid:84350943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487844/; classtype:trojan-activity;sid:84350944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487841/; classtype:trojan-activity;sid:84350941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487838/; classtype:trojan-activity;sid:84350938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487839/; classtype:trojan-activity;sid:84350939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487840/; classtype:trojan-activity;sid:84350940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487832/; classtype:trojan-activity;sid:84350932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487833/; classtype:trojan-activity;sid:84350933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487834/; classtype:trojan-activity;sid:84350934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487835/; classtype:trojan-activity;sid:84350935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.142.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487836/; classtype:trojan-activity;sid:84350936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487837/; classtype:trojan-activity;sid:84350937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.193.102.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487831/; classtype:trojan-activity;sid:84350931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487830/; classtype:trojan-activity;sid:84350930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487829/; classtype:trojan-activity;sid:84350929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.52.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487828/; classtype:trojan-activity;sid:84350928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.191.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487827/; classtype:trojan-activity;sid:84350927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.28.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487826/; classtype:trojan-activity;sid:84350926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.254.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487825/; classtype:trojan-activity;sid:84350925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.224.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487824/; classtype:trojan-activity;sid:84350924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487823/; classtype:trojan-activity;sid:84350923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487822/; classtype:trojan-activity;sid:84350922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.56.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487820/; classtype:trojan-activity;sid:84350920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.184.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487821/; classtype:trojan-activity;sid:84350921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487819/; classtype:trojan-activity;sid:84350919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.185.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487818/; classtype:trojan-activity;sid:84350918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.194.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487817/; classtype:trojan-activity;sid:84350917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.144.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487816/; classtype:trojan-activity;sid:84350916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.52.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487815/; classtype:trojan-activity;sid:84350915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.191.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487814/; classtype:trojan-activity;sid:84350914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.242.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487813/; classtype:trojan-activity;sid:84350913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487812/; classtype:trojan-activity;sid:84350912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.254.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487811/; classtype:trojan-activity;sid:84350911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487809/; classtype:trojan-activity;sid:84350909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.191.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487810/; classtype:trojan-activity;sid:84350910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.202.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487808/; classtype:trojan-activity;sid:84350908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.144.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487807/; classtype:trojan-activity;sid:84350907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487804)"; flow:established,from_client; content:"GET"; http_method; content:"/p0w9xrvzpq.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487804/; classtype:trojan-activity;sid:84350904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.52.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487805/; classtype:trojan-activity;sid:84350905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.35.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487806/; classtype:trojan-activity;sid:84350906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.202.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487803/; classtype:trojan-activity;sid:84350903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.194.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487802/; classtype:trojan-activity;sid:84350902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.120.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487801/; classtype:trojan-activity;sid:84350901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.93.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487800/; classtype:trojan-activity;sid:84350900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.185.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487799/; classtype:trojan-activity;sid:84350899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.199.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487798/; classtype:trojan-activity;sid:84350898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.9.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487797/; classtype:trojan-activity;sid:84350897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.196.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487796/; classtype:trojan-activity;sid:84350896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.39.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487795/; classtype:trojan-activity;sid:84350895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487794/; classtype:trojan-activity;sid:84350894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.143.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487793/; classtype:trojan-activity;sid:84350893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.134.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487792/; classtype:trojan-activity;sid:84350892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.199.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487791/; classtype:trojan-activity;sid:84350891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.235.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487790/; classtype:trojan-activity;sid:84350890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.99.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487789/; classtype:trojan-activity;sid:84350889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.131.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487787/; classtype:trojan-activity;sid:84350887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487788/; classtype:trojan-activity;sid:84350888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.143.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487786/; classtype:trojan-activity;sid:84350886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.39.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487785/; classtype:trojan-activity;sid:84350885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.242.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487784/; classtype:trojan-activity;sid:84350884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487783/; classtype:trojan-activity;sid:84350883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.58.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487782/; classtype:trojan-activity;sid:84350882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.58.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487781/; classtype:trojan-activity;sid:84350881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.196.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487778/; classtype:trojan-activity;sid:84350878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.242.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487779/; classtype:trojan-activity;sid:84350879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.13.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487780/; classtype:trojan-activity;sid:84350880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487777/; classtype:trojan-activity;sid:84350877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.7.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487776/; classtype:trojan-activity;sid:84350876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.104.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487775/; classtype:trojan-activity;sid:84350875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487774/; classtype:trojan-activity;sid:84350874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.96.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487773/; classtype:trojan-activity;sid:84350873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.131.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487772/; classtype:trojan-activity;sid:84350872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.134.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487771/; classtype:trojan-activity;sid:84350871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487770)"; flow:established,from_client; content:"GET"; http_method; content:"/1zlpua4e55.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487770/; classtype:trojan-activity;sid:84350870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.143.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487769/; classtype:trojan-activity;sid:84350869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487767/; classtype:trojan-activity;sid:84350867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487768/; classtype:trojan-activity;sid:84350868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.203.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487766/; classtype:trojan-activity;sid:84350866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.7.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487765/; classtype:trojan-activity;sid:84350865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.42.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487764/; classtype:trojan-activity;sid:84350864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.111.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487763/; classtype:trojan-activity;sid:84350863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.104.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487762/; classtype:trojan-activity;sid:84350862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.115.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487761/; classtype:trojan-activity;sid:84350861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.112.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487760/; classtype:trojan-activity;sid:84350860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487758/; classtype:trojan-activity;sid:84350858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.143.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487759/; classtype:trojan-activity;sid:84350859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487757/; classtype:trojan-activity;sid:84350857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487756/; classtype:trojan-activity;sid:84350856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.102.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487755/; classtype:trojan-activity;sid:84350855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.36.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487754/; classtype:trojan-activity;sid:84350854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.235.7.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487753/; classtype:trojan-activity;sid:84350853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.0.217.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487752/; classtype:trojan-activity;sid:84350852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487751/; classtype:trojan-activity;sid:84350851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487750/; classtype:trojan-activity;sid:84350850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.2.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487749/; classtype:trojan-activity;sid:84350849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487748/; classtype:trojan-activity;sid:84350848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.223.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487745/; classtype:trojan-activity;sid:84350845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.71.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487746/; classtype:trojan-activity;sid:84350846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.224.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487747/; classtype:trojan-activity;sid:84350847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.49.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487744/; classtype:trojan-activity;sid:84350844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487743/; classtype:trojan-activity;sid:84350843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.111.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487742/; classtype:trojan-activity;sid:84350842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487741/; classtype:trojan-activity;sid:84350841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.138.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487740/; classtype:trojan-activity;sid:84350840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.175.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487739/; classtype:trojan-activity;sid:84350839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487738/; classtype:trojan-activity;sid:84350838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.223.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487737/; classtype:trojan-activity;sid:84350837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487736/; classtype:trojan-activity;sid:84350836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487735/; classtype:trojan-activity;sid:84350835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.29.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487734/; classtype:trojan-activity;sid:84350834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.168.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487732/; classtype:trojan-activity;sid:84350832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.29.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487733/; classtype:trojan-activity;sid:84350833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.239.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487731/; classtype:trojan-activity;sid:84350831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487730)"; flow:established,from_client; content:"GET"; http_method; content:"/57dwxjl9g3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487730/; classtype:trojan-activity;sid:84350830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.49.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487729/; classtype:trojan-activity;sid:84350829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.158.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487728/; classtype:trojan-activity;sid:84350828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.91.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487727/; classtype:trojan-activity;sid:84350827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.138.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487726/; classtype:trojan-activity;sid:84350826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.39.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487725/; classtype:trojan-activity;sid:84350825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.175.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487724/; classtype:trojan-activity;sid:84350824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.87.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487723/; classtype:trojan-activity;sid:84350823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487722/; classtype:trojan-activity;sid:84350822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.92.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487721/; classtype:trojan-activity;sid:84350821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.46.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487720/; classtype:trojan-activity;sid:84350820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.7.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487719/; classtype:trojan-activity;sid:84350819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.168.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487718/; classtype:trojan-activity;sid:84350818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.0.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487717/; classtype:trojan-activity;sid:84350817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.239.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487716/; classtype:trojan-activity;sid:84350816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487715/; classtype:trojan-activity;sid:84350815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.23.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487714/; classtype:trojan-activity;sid:84350814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.158.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487713/; classtype:trojan-activity;sid:84350813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.91.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487712/; classtype:trojan-activity;sid:84350812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.87.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487711/; classtype:trojan-activity;sid:84350811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.217.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487710/; classtype:trojan-activity;sid:84350810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487709/; classtype:trojan-activity;sid:84350809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487708/; classtype:trojan-activity;sid:84350808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.108.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487707/; classtype:trojan-activity;sid:84350807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487706)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/osnspfr.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487706/; classtype:trojan-activity;sid:84350806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487688)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/eirsmac.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487688/; classtype:trojan-activity;sid:84350788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487689)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/pmsdomo.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487689/; classtype:trojan-activity;sid:84350789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487690)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ffdskpi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487690/; classtype:trojan-activity;sid:84350790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487691)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kkifdad.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487691/; classtype:trojan-activity;sid:84350791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487692)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/dmgrgcp.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487692/; classtype:trojan-activity;sid:84350792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487693)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kokrbra.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487693/; classtype:trojan-activity;sid:84350793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487694)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kddipea.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487694/; classtype:trojan-activity;sid:84350794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487695)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/caapnki.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487695/; classtype:trojan-activity;sid:84350795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487696)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/bkhpbhf.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487696/; classtype:trojan-activity;sid:84350796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487697)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/bdiffrf.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487697/; classtype:trojan-activity;sid:84350797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487698)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/nhfakcb.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487698/; classtype:trojan-activity;sid:84350798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487699)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/hncsnsc.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487699/; classtype:trojan-activity;sid:84350799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487700)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ngjmaed.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487700/; classtype:trojan-activity;sid:84350800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487701)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/njcemid.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487701/; classtype:trojan-activity;sid:84350801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487702)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ajdhfpb.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487702/; classtype:trojan-activity;sid:84350802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487703)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kifpkba.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487703/; classtype:trojan-activity;sid:84350803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487704)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/kcmiaan.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487704/; classtype:trojan-activity;sid:84350804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487705)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/pckkiff.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487705/; classtype:trojan-activity;sid:84350805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487685/; classtype:trojan-activity;sid:84350785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487686)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lummac2%20dante%2020.03.2025%2022_42_35.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487686/; classtype:trojan-activity;sid:84350786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487687)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/bffrkri.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487687/; classtype:trojan-activity;sid:84350787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487682)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ccokins.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487682/; classtype:trojan-activity;sid:84350782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487683)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/asdmsfd.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487683/; classtype:trojan-activity;sid:84350783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487684)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ajfkaff.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487684/; classtype:trojan-activity;sid:84350784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487681)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6003232782/h9mhsgm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487681/; classtype:trojan-activity;sid:84350781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487673)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7684569444/advnrno.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487673/; classtype:trojan-activity;sid:84350773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487674)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2043702969/hgjbyfg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487674/; classtype:trojan-activity;sid:84350774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487675)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/lz2lw9n.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487675/; classtype:trojan-activity;sid:84350775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487676)"; flow:established,from_client; content:"GET"; http_method; content:"/files/wolfgangalive0/xmsn.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487676/; classtype:trojan-activity;sid:84350776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487677)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1229664666/cupxaxb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487677/; classtype:trojan-activity;sid:84350777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487678)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7001656225/okh8ipf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487678/; classtype:trojan-activity;sid:84350778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487679)"; flow:established,from_client; content:"GET"; http_method; content:"/files/newdef/apple.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487679/; classtype:trojan-activity;sid:84350779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487680)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5780230317/tk0oyx3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487680/; classtype:trojan-activity;sid:84350780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487672)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5163778194/zx4pjh6.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487672/; classtype:trojan-activity;sid:84350772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487671/; classtype:trojan-activity;sid:84350771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.161.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487670/; classtype:trojan-activity;sid:84350770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.46.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487669/; classtype:trojan-activity;sid:84350769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.208.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487668/; classtype:trojan-activity;sid:84350768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.217.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487667/; classtype:trojan-activity;sid:84350767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.36.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487666/; classtype:trojan-activity;sid:84350766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.42.150.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487665/; classtype:trojan-activity;sid:84350765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487664/; classtype:trojan-activity;sid:84350764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.212.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487663/; classtype:trojan-activity;sid:84350763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.224.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487662/; classtype:trojan-activity;sid:84350762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.59.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487661/; classtype:trojan-activity;sid:84350761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.108.59.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487660/; classtype:trojan-activity;sid:84350760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.134.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487659/; classtype:trojan-activity;sid:84350759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487658/; classtype:trojan-activity;sid:84350758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.55.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487657/; classtype:trojan-activity;sid:84350757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.161.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487656/; classtype:trojan-activity;sid:84350756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487655/; classtype:trojan-activity;sid:84350755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.235.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487654/; classtype:trojan-activity;sid:84350754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.151.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487653/; classtype:trojan-activity;sid:84350753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.209.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487652/; classtype:trojan-activity;sid:84350752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487651/; classtype:trojan-activity;sid:84350751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.108.59.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487650/; classtype:trojan-activity;sid:84350750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487649)"; flow:established,from_client; content:"GET"; http_method; content:"/ylbx7j5ek0.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487649/; classtype:trojan-activity;sid:84350749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487648/; classtype:trojan-activity;sid:84350748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.21.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487647/; classtype:trojan-activity;sid:84350747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.151.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487646/; classtype:trojan-activity;sid:84350746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487645/; classtype:trojan-activity;sid:84350745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487644/; classtype:trojan-activity;sid:84350744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.169.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487643/; classtype:trojan-activity;sid:84350743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487641/; classtype:trojan-activity;sid:84350741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.31.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487642/; classtype:trojan-activity;sid:84350742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487640/; classtype:trojan-activity;sid:84350740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.237.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487639/; classtype:trojan-activity;sid:84350739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487638/; classtype:trojan-activity;sid:84350738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.188.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487637/; classtype:trojan-activity;sid:84350737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.61.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487636/; classtype:trojan-activity;sid:84350736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.169.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487635/; classtype:trojan-activity;sid:84350735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.22.12.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487634/; classtype:trojan-activity;sid:84350734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.13.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487633/; classtype:trojan-activity;sid:84350733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.192.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487632/; classtype:trojan-activity;sid:84350732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.115.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487631/; classtype:trojan-activity;sid:84350731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.11.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487630/; classtype:trojan-activity;sid:84350730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.194.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487629/; classtype:trojan-activity;sid:84350729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487628)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.169.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487628/; classtype:trojan-activity;sid:84350728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.151.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487627/; classtype:trojan-activity;sid:84350727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.227.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487626/; classtype:trojan-activity;sid:84350726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.213.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487625/; classtype:trojan-activity;sid:84350725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487624)"; flow:established,from_client; content:"GET"; http_method; content:"/apbckpnrf9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487624/; classtype:trojan-activity;sid:84350724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487623/; classtype:trojan-activity;sid:84350723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487622/; classtype:trojan-activity;sid:84350722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.61.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487621/; classtype:trojan-activity;sid:84350721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.48.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487620/; classtype:trojan-activity;sid:84350720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.11.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487619/; classtype:trojan-activity;sid:84350719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.121.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487618/; classtype:trojan-activity;sid:84350718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.74.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487616/; classtype:trojan-activity;sid:84350716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.115.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487617/; classtype:trojan-activity;sid:84350717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.63.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487615/; classtype:trojan-activity;sid:84350715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.227.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487614/; classtype:trojan-activity;sid:84350714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.213.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487613/; classtype:trojan-activity;sid:84350713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487612/; classtype:trojan-activity;sid:84350712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487611/; classtype:trojan-activity;sid:84350711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487610/; classtype:trojan-activity;sid:84350710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.121.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487609/; classtype:trojan-activity;sid:84350709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.40.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487608/; classtype:trojan-activity;sid:84350708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487607/; classtype:trojan-activity;sid:84350707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.150.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487606/; classtype:trojan-activity;sid:84350706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.74.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487604/; classtype:trojan-activity;sid:84350704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.84.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487605/; classtype:trojan-activity;sid:84350705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487603/; classtype:trojan-activity;sid:84350703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.158.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487602/; classtype:trojan-activity;sid:84350702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.137.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487601/; classtype:trojan-activity;sid:84350701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.237.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487600/; classtype:trojan-activity;sid:84350700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487599)"; flow:established,from_client; content:"GET"; http_method; content:"/zry1gvcat8.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487599/; classtype:trojan-activity;sid:84350699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.100.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487598/; classtype:trojan-activity;sid:84350698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487597/; classtype:trojan-activity;sid:84350697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487596/; classtype:trojan-activity;sid:84350696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.158.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487595/; classtype:trojan-activity;sid:84350695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.254.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487594/; classtype:trojan-activity;sid:84350694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.192.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487593/; classtype:trojan-activity;sid:84350693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.160.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487592/; classtype:trojan-activity;sid:84350692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487591)"; flow:established,from_client; content:"GET"; http_method; content:"/ta.msi"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"olympics-inform-batteries-afterwards.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487591/; classtype:trojan-activity;sid:84350691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487590)"; flow:established,from_client; content:"GET"; http_method; content:"/1ysnaghsa/re_0639273740212.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"olympics-inform-batteries-afterwards.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487590/; classtype:trojan-activity;sid:84350690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487588)"; flow:established,from_client; content:"GET"; http_method; content:"/mp3.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"olympics-inform-batteries-afterwards.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487588/; classtype:trojan-activity;sid:84350688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487589)"; flow:established,from_client; content:"GET"; http_method; content:"/2ysnahsjajd/re_00740936439473.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"olympics-inform-batteries-afterwards.trycloudflare.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487589/; classtype:trojan-activity;sid:84350689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487587)"; flow:established,from_client; content:"GET"; http_method; content:"/2ysnahsjajd/re_00740936439473.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"213.232.235.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487587/; classtype:trojan-activity;sid:84350687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487586)"; flow:established,from_client; content:"GET"; http_method; content:"/ta.msi"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.232.235.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487586/; classtype:trojan-activity;sid:84350686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487585)"; flow:established,from_client; content:"GET"; http_method; content:"/1ysnaghsa/re_0639273740212.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"213.232.235.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487585/; classtype:trojan-activity;sid:84350685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487584)"; flow:established,from_client; content:"GET"; http_method; content:"/mp3.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.232.235.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487584/; classtype:trojan-activity;sid:84350684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.86.27.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487583/; classtype:trojan-activity;sid:84350683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487582/; classtype:trojan-activity;sid:84350682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.143.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487581/; classtype:trojan-activity;sid:84350681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487580/; classtype:trojan-activity;sid:84350680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487563/; classtype:trojan-activity;sid:84350663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487564/; classtype:trojan-activity;sid:84350664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487565)"; flow:established,from_client; content:"GET"; http_method; content:"/lickmynutsnigah.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487565/; classtype:trojan-activity;sid:84350665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487566/; classtype:trojan-activity;sid:84350666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487567/; classtype:trojan-activity;sid:84350667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487568/; classtype:trojan-activity;sid:84350668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487569/; classtype:trojan-activity;sid:84350669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487570/; classtype:trojan-activity;sid:84350670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487571/; classtype:trojan-activity;sid:84350671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.i586"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487572/; classtype:trojan-activity;sid:84350672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487573/; classtype:trojan-activity;sid:84350673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487574/; classtype:trojan-activity;sid:84350674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487575/; classtype:trojan-activity;sid:84350675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487576/; classtype:trojan-activity;sid:84350676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487577/; classtype:trojan-activity;sid:84350677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487578/; classtype:trojan-activity;sid:84350678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487579/; classtype:trojan-activity;sid:84350679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487554/; classtype:trojan-activity;sid:84350654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487555/; classtype:trojan-activity;sid:84350655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487556/; classtype:trojan-activity;sid:84350656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487557/; classtype:trojan-activity;sid:84350657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487558/; classtype:trojan-activity;sid:84350658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487559/; classtype:trojan-activity;sid:84350659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487560/; classtype:trojan-activity;sid:84350660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487561/; classtype:trojan-activity;sid:84350661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487562/; classtype:trojan-activity;sid:84350662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487552/; classtype:trojan-activity;sid:84350652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"155.138.230.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487553/; classtype:trojan-activity;sid:84350653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487549/; classtype:trojan-activity;sid:84350649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487550/; classtype:trojan-activity;sid:84350650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487551/; classtype:trojan-activity;sid:84350651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487544/; classtype:trojan-activity;sid:84350644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487545/; classtype:trojan-activity;sid:84350645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487546/; classtype:trojan-activity;sid:84350646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487547/; classtype:trojan-activity;sid:84350647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487548/; classtype:trojan-activity;sid:84350648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487542/; classtype:trojan-activity;sid:84350642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487543/; classtype:trojan-activity;sid:84350643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487541)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.205.181.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487541/; classtype:trojan-activity;sid:84350641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487539)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.153.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487539/; classtype:trojan-activity;sid:84350639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487540)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.119.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487540/; classtype:trojan-activity;sid:84350640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487538)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.138.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487538/; classtype:trojan-activity;sid:84350638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487537)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"101.168.17.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487537/; classtype:trojan-activity;sid:84350637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487531)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.103.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487531/; classtype:trojan-activity;sid:84350631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487532)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.244.71.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487532/; classtype:trojan-activity;sid:84350632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487533)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.116.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487533/; classtype:trojan-activity;sid:84350633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487534)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.70.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487534/; classtype:trojan-activity;sid:84350634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.167.89.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487535/; classtype:trojan-activity;sid:84350635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487536)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.236.55.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487536/; classtype:trojan-activity;sid:84350636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.137.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487523/; classtype:trojan-activity;sid:84350623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.144.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487524/; classtype:trojan-activity;sid:84350624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.5.216.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487525/; classtype:trojan-activity;sid:84350625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.144.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487526/; classtype:trojan-activity;sid:84350626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.31.18.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487527/; classtype:trojan-activity;sid:84350627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487528)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.94.116.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487528/; classtype:trojan-activity;sid:84350628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487529)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.47.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487529/; classtype:trojan-activity;sid:84350629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487530)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.144.159.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487530/; classtype:trojan-activity;sid:84350630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487522/; classtype:trojan-activity;sid:84350622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.237.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487521/; classtype:trojan-activity;sid:84350621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.99.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487520/; classtype:trojan-activity;sid:84350620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.67.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487519/; classtype:trojan-activity;sid:84350619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487518)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"207.244.199.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487518/; classtype:trojan-activity;sid:84350618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487517)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"207.244.199.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487517/; classtype:trojan-activity;sid:84350617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.13.6.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487516/; classtype:trojan-activity;sid:84350616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.151.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487514/; classtype:trojan-activity;sid:84350614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.237.238.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487515/; classtype:trojan-activity;sid:84350615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.17.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487510/; classtype:trojan-activity;sid:84350610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"143.92.135.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487511/; classtype:trojan-activity;sid:84350611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.157.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487512/; classtype:trojan-activity;sid:84350612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.205.209.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487513/; classtype:trojan-activity;sid:84350613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.11.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487506/; classtype:trojan-activity;sid:84350606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.17.51"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487507/; classtype:trojan-activity;sid:84350607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.111.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487508/; classtype:trojan-activity;sid:84350608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.25.212.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487509/; classtype:trojan-activity;sid:84350609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.138.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487505/; classtype:trojan-activity;sid:84350605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487504)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"45.11.229.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487504/; classtype:trojan-activity;sid:84350604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.149.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487503/; classtype:trojan-activity;sid:84350603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.232.1.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487502/; classtype:trojan-activity;sid:84350602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.144.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487501/; classtype:trojan-activity;sid:84350601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487500)"; flow:established,from_client; content:"GET"; http_method; content:"/v1xbn84agt.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487500/; classtype:trojan-activity;sid:84350600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.181.64.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487499/; classtype:trojan-activity;sid:84350599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487498/; classtype:trojan-activity;sid:84350598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.142.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487497/; classtype:trojan-activity;sid:84350597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.99.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487496/; classtype:trojan-activity;sid:84350596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.166.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487495/; classtype:trojan-activity;sid:84350595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.25.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487494/; classtype:trojan-activity;sid:84350594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.44.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487493/; classtype:trojan-activity;sid:84350593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.1.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487492/; classtype:trojan-activity;sid:84350592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487491/; classtype:trojan-activity;sid:84350591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.144.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487490/; classtype:trojan-activity;sid:84350590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.221.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487489/; classtype:trojan-activity;sid:84350589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.254.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487488/; classtype:trojan-activity;sid:84350588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.143.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487487/; classtype:trojan-activity;sid:84350587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.88.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487486/; classtype:trojan-activity;sid:84350586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.3.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487485/; classtype:trojan-activity;sid:84350585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.190.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487484/; classtype:trojan-activity;sid:84350584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.70.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487483/; classtype:trojan-activity;sid:84350583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.52.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487482/; classtype:trojan-activity;sid:84350582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.126.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487481/; classtype:trojan-activity;sid:84350581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.166.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487480/; classtype:trojan-activity;sid:84350580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.44.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487479/; classtype:trojan-activity;sid:84350579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.77.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487478/; classtype:trojan-activity;sid:84350578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.121.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487477/; classtype:trojan-activity;sid:84350577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.147.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487476/; classtype:trojan-activity;sid:84350576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.27.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487475/; classtype:trojan-activity;sid:84350575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.25.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487474/; classtype:trojan-activity;sid:84350574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.3.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487473/; classtype:trojan-activity;sid:84350573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.59.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487472/; classtype:trojan-activity;sid:84350572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487471)"; flow:established,from_client; content:"GET"; http_method; content:"/h5porr3813.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487471/; classtype:trojan-activity;sid:84350571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.142.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487470/; classtype:trojan-activity;sid:84350570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487468/; classtype:trojan-activity;sid:84350568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.101.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487469/; classtype:trojan-activity;sid:84350569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.101.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487467/; classtype:trojan-activity;sid:84350567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.68.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487465/; classtype:trojan-activity;sid:84350565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.66.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487466/; classtype:trojan-activity;sid:84350566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.59.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487464/; classtype:trojan-activity;sid:84350564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.253.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487463/; classtype:trojan-activity;sid:84350563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.186.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487462/; classtype:trojan-activity;sid:84350562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487461)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.144.32.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487461/; classtype:trojan-activity;sid:84350561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.52.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487460/; classtype:trojan-activity;sid:84350560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.88.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487459/; classtype:trojan-activity;sid:84350559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487458/; classtype:trojan-activity;sid:84350558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.96.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487457/; classtype:trojan-activity;sid:84350557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.228.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487456/; classtype:trojan-activity;sid:84350556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.142.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487455/; classtype:trojan-activity;sid:84350555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.35.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487454/; classtype:trojan-activity;sid:84350554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487453/; classtype:trojan-activity;sid:84350553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.147.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487452/; classtype:trojan-activity;sid:84350552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.68.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487451/; classtype:trojan-activity;sid:84350551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.66.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487450/; classtype:trojan-activity;sid:84350550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.16.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487449/; classtype:trojan-activity;sid:84350549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.15.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487448/; classtype:trojan-activity;sid:84350548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.8.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487447/; classtype:trojan-activity;sid:84350547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487446/; classtype:trojan-activity;sid:84350546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.186.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487445/; classtype:trojan-activity;sid:84350545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.209.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487444/; classtype:trojan-activity;sid:84350544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487443)"; flow:established,from_client; content:"GET"; http_method; content:"/ucrzx3wjj3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487443/; classtype:trojan-activity;sid:84350543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.228.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487442/; classtype:trojan-activity;sid:84350542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.0.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487441/; classtype:trojan-activity;sid:84350541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.101.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487440/; classtype:trojan-activity;sid:84350540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.125.51.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487439/; classtype:trojan-activity;sid:84350539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.101.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487438/; classtype:trojan-activity;sid:84350538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.253.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487437/; classtype:trojan-activity;sid:84350537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.180.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487436/; classtype:trojan-activity;sid:84350536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.79.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487435/; classtype:trojan-activity;sid:84350535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.101.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487434/; classtype:trojan-activity;sid:84350534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.0.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487433/; classtype:trojan-activity;sid:84350533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.25.126"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487432/; classtype:trojan-activity;sid:84350532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.121.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487431/; classtype:trojan-activity;sid:84350531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.207.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487430/; classtype:trojan-activity;sid:84350530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.232.4.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487429/; classtype:trojan-activity;sid:84350529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.209.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487428/; classtype:trojan-activity;sid:84350528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.237.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487427/; classtype:trojan-activity;sid:84350527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.180.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487426/; classtype:trojan-activity;sid:84350526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.129.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487425/; classtype:trojan-activity;sid:84350525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.128.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487424/; classtype:trojan-activity;sid:84350524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487423)"; flow:established,from_client; content:"GET"; http_method; content:"/99eog8zcwl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487423/; classtype:trojan-activity;sid:84350523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.128.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487422/; classtype:trojan-activity;sid:84350522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487421/; classtype:trojan-activity;sid:84350521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487420)"; flow:established,from_client; content:"GET"; http_method; content:"/api/v1/download/file.json/ntffndy2mdu4mzhf|3f|temp_key=%a6%29%d0fl%0e%3dex%3d%b5%f5%b8%a7|7c|26|7c|inline=0"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"web.opendrive.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487420/; classtype:trojan-activity;sid:84350520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487419)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ntffndy2mdu4mzhf/pinqrkwopuvydt219.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487419/; classtype:trojan-activity;sid:84350519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.151.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487418/; classtype:trojan-activity;sid:84350518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.34.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487417/; classtype:trojan-activity;sid:84350517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.129.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487416/; classtype:trojan-activity;sid:84350516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.65.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487415/; classtype:trojan-activity;sid:84350515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.185.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487414/; classtype:trojan-activity;sid:84350514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.63.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487413/; classtype:trojan-activity;sid:84350513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.131.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487412/; classtype:trojan-activity;sid:84350512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.151.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487411/; classtype:trojan-activity;sid:84350511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.121.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487410/; classtype:trojan-activity;sid:84350510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.131.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487409/; classtype:trojan-activity;sid:84350509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.52.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487408/; classtype:trojan-activity;sid:84350508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.156.29.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487407/; classtype:trojan-activity;sid:84350507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487406)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fepub.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487406/; classtype:trojan-activity;sid:84350506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487405)"; flow:established,from_client; content:"GET"; http_method; content:"/5rilgbxrly.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487405/; classtype:trojan-activity;sid:84350505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.233.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487404/; classtype:trojan-activity;sid:84350504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.1.28"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487403/; classtype:trojan-activity;sid:84350503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487402)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.fidec.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487402/; classtype:trojan-activity;sid:84350502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487401)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487401/; classtype:trojan-activity;sid:84350501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487396)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487396/; classtype:trojan-activity;sid:84350496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487397)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487397/; classtype:trojan-activity;sid:84350497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487398)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487398/; classtype:trojan-activity;sid:84350498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487399)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487399/; classtype:trojan-activity;sid:84350499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487400)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487400/; classtype:trojan-activity;sid:84350500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487394)"; flow:established,from_client; content:"GET"; http_method; content:"/app/laf6w_001.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487394/; classtype:trojan-activity;sid:84350494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487395)"; flow:established,from_client; content:"GET"; http_method; content:"/app/d3jhg_003.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.174.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487395/; classtype:trojan-activity;sid:84350495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487392)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487392/; classtype:trojan-activity;sid:84350492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487393)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487393/; classtype:trojan-activity;sid:84350493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487391)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.100.68.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487391/; classtype:trojan-activity;sid:84350491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487389)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487389/; classtype:trojan-activity;sid:84350489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487390)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487390/; classtype:trojan-activity;sid:84350490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487388)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487388/; classtype:trojan-activity;sid:84350488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.156.29.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487387/; classtype:trojan-activity;sid:84350487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487386)"; flow:established,from_client; content:"GET"; http_method; content:"/updated"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"207.244.199.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487386/; classtype:trojan-activity;sid:84350486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.124.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487385/; classtype:trojan-activity;sid:84350485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.233.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487384/; classtype:trojan-activity;sid:84350484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487383/; classtype:trojan-activity;sid:84350483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.151.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487382/; classtype:trojan-activity;sid:84350482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.247.82.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487381/; classtype:trojan-activity;sid:84350481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.199.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487380/; classtype:trojan-activity;sid:84350480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.52.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487379/; classtype:trojan-activity;sid:84350479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487378/; classtype:trojan-activity;sid:84350478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.36.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487377/; classtype:trojan-activity;sid:84350477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.106.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487376/; classtype:trojan-activity;sid:84350476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.106.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487375/; classtype:trojan-activity;sid:84350475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.254.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487374/; classtype:trojan-activity;sid:84350474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487373)"; flow:established,from_client; content:"GET"; http_method; content:"/rcknx2ojcz.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487373/; classtype:trojan-activity;sid:84350473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.247.82.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487372/; classtype:trojan-activity;sid:84350472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.78.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487371/; classtype:trojan-activity;sid:84350471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.124.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487370/; classtype:trojan-activity;sid:84350470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487368)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.azaler.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487368/; classtype:trojan-activity;sid:84350468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.89.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487369/; classtype:trojan-activity;sid:84350469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487367/; classtype:trojan-activity;sid:84350467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487366/; classtype:trojan-activity;sid:84350466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487365)"; flow:established,from_client; content:"GET"; http_method; content:"/okaminosaigai/blox-fruits-ultimate-script-2025/releases/download/3.7.5/blox-fruits-ultimate-script-2025-3.7.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487365/; classtype:trojan-activity;sid:84350465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487356)"; flow:established,from_client; content:"GET"; http_method; content:"/adithyanadiadi/jjsploit-executor-best/releases/download/3.7.0/jjsploitexecutorbest-3.7.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487356/; classtype:trojan-activity;sid:84350456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487357)"; flow:established,from_client; content:"GET"; http_method; content:"/earth789dadadad/roblox-scriptify/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487357/; classtype:trojan-activity;sid:84350457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487358)"; flow:established,from_client; content:"GET"; http_method; content:"/chaojidashuaige-svg/roblox-krampus/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487358/; classtype:trojan-activity;sid:84350458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487359)"; flow:established,from_client; content:"GET"; http_method; content:"/chaojidashuaige-svg/roblox-krampus/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487359/; classtype:trojan-activity;sid:84350459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487361)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kick.com.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487361/; classtype:trojan-activity;sid:84350461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487362)"; flow:established,from_client; content:"GET"; http_method; content:"/agwismana/wave-executor/releases/download/1.3.0-alpha.3/wave-executor-1.3.0-alpha.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487362/; classtype:trojan-activity;sid:84350462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487355)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.180.158.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487355/; classtype:trojan-activity;sid:84350455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487354)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/i686"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487354/; classtype:trojan-activity;sid:84350454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487353)"; flow:established,from_client; content:"GET"; http_method; content:"/folder/fedora.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"onlyfans.gift"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487353/; classtype:trojan-activity;sid:84350453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487348)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487348/; classtype:trojan-activity;sid:84350448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487349)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487349/; classtype:trojan-activity;sid:84350449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487350)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487350/; classtype:trojan-activity;sid:84350450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487351)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487351/; classtype:trojan-activity;sid:84350451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487352)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487352/; classtype:trojan-activity;sid:84350452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.42.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487347/; classtype:trojan-activity;sid:84350447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.154.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487346/; classtype:trojan-activity;sid:84350446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.15.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487345/; classtype:trojan-activity;sid:84350445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487344/; classtype:trojan-activity;sid:84350444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.254.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487343/; classtype:trojan-activity;sid:84350443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487342/; classtype:trojan-activity;sid:84350442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.230.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487341/; classtype:trojan-activity;sid:84350441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487340/; classtype:trojan-activity;sid:84350440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487339/; classtype:trojan-activity;sid:84350439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487338/; classtype:trojan-activity;sid:84350438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487337/; classtype:trojan-activity;sid:84350437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.87.1.227"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487336/; classtype:trojan-activity;sid:84350436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487335/; classtype:trojan-activity;sid:84350435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487334/; classtype:trojan-activity;sid:84350434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487333/; classtype:trojan-activity;sid:84350433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487332)"; flow:established,from_client; content:"GET"; http_method; content:"/ke60e7lqtv.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487332/; classtype:trojan-activity;sid:84350432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.78.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487331/; classtype:trojan-activity;sid:84350431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.63.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487330/; classtype:trojan-activity;sid:84350430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.195.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487328/; classtype:trojan-activity;sid:84350428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.45.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487329/; classtype:trojan-activity;sid:84350429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487327/; classtype:trojan-activity;sid:84350427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.96.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487326/; classtype:trojan-activity;sid:84350426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487324/; classtype:trojan-activity;sid:84350424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.134.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487325/; classtype:trojan-activity;sid:84350425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487323/; classtype:trojan-activity;sid:84350423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.46.101.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487322/; classtype:trojan-activity;sid:84350422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.130.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487321/; classtype:trojan-activity;sid:84350421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487320/; classtype:trojan-activity;sid:84350420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.241.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487319/; classtype:trojan-activity;sid:84350419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.180.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487318/; classtype:trojan-activity;sid:84350418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487317/; classtype:trojan-activity;sid:84350417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.30.168.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487316/; classtype:trojan-activity;sid:84350416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.251.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487315/; classtype:trojan-activity;sid:84350415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.29.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487314/; classtype:trojan-activity;sid:84350414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487313/; classtype:trojan-activity;sid:84350413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487310)"; flow:established,from_client; content:"GET"; http_method; content:"/botpilled/rbot"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487310/; classtype:trojan-activity;sid:84350410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.198.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487311/; classtype:trojan-activity;sid:84350411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.171"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487312/; classtype:trojan-activity;sid:84350412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.155.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487309/; classtype:trojan-activity;sid:84350409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487308/; classtype:trojan-activity;sid:84350408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487307/; classtype:trojan-activity;sid:84350407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.141.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487306/; classtype:trojan-activity;sid:84350406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487305/; classtype:trojan-activity;sid:84350405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.137.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487304/; classtype:trojan-activity;sid:84350404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.133.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487303/; classtype:trojan-activity;sid:84350403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487302/; classtype:trojan-activity;sid:84350402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.148.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487301/; classtype:trojan-activity;sid:84350401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.198.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487300/; classtype:trojan-activity;sid:84350400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.12.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487299/; classtype:trojan-activity;sid:84350399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.28.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487298/; classtype:trojan-activity;sid:84350398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487297/; classtype:trojan-activity;sid:84350397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.133.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487296/; classtype:trojan-activity;sid:84350396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.163.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487295/; classtype:trojan-activity;sid:84350395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487294/; classtype:trojan-activity;sid:84350394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.148.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487293/; classtype:trojan-activity;sid:84350393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487292)"; flow:established,from_client; content:"GET"; http_method; content:"/e37hfvea1z.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487292/; classtype:trojan-activity;sid:84350392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.81.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487291/; classtype:trojan-activity;sid:84350391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.9.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487290/; classtype:trojan-activity;sid:84350390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.112.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487289/; classtype:trojan-activity;sid:84350389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.28.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487288/; classtype:trojan-activity;sid:84350388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487287/; classtype:trojan-activity;sid:84350387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487286/; classtype:trojan-activity;sid:84350386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.10.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487285/; classtype:trojan-activity;sid:84350385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487284/; classtype:trojan-activity;sid:84350384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.9.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487283/; classtype:trojan-activity;sid:84350383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487282/; classtype:trojan-activity;sid:84350382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.53.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487281/; classtype:trojan-activity;sid:84350381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487280/; classtype:trojan-activity;sid:84350380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.112.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487279/; classtype:trojan-activity;sid:84350379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.111.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487278/; classtype:trojan-activity;sid:84350378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.64.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487277/; classtype:trojan-activity;sid:84350377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487276/; classtype:trojan-activity;sid:84350376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.180.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487275/; classtype:trojan-activity;sid:84350375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.233.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487274/; classtype:trojan-activity;sid:84350374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487273/; classtype:trojan-activity;sid:84350373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.111.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487271/; classtype:trojan-activity;sid:84350371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.10.6"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487272/; classtype:trojan-activity;sid:84350372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487270/; classtype:trojan-activity;sid:84350370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487269/; classtype:trojan-activity;sid:84350369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.54.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487268/; classtype:trojan-activity;sid:84350368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmptwiuuyk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487267/; classtype:trojan-activity;sid:84350367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487266/; classtype:trojan-activity;sid:84350366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.54.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487265/; classtype:trojan-activity;sid:84350365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.5.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487264/; classtype:trojan-activity;sid:84350364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.180.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487263/; classtype:trojan-activity;sid:84350363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"205.250.173.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487262/; classtype:trojan-activity;sid:84350362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.59.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487261/; classtype:trojan-activity;sid:84350361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.5.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487260/; classtype:trojan-activity;sid:84350360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.163.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487259/; classtype:trojan-activity;sid:84350359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.84.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487257/; classtype:trojan-activity;sid:84350357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"205.250.173.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487258/; classtype:trojan-activity;sid:84350358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.160.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487256/; classtype:trojan-activity;sid:84350356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487255)"; flow:established,from_client; content:"GET"; http_method; content:"/u1p9tuuhnx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487255/; classtype:trojan-activity;sid:84350355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.112.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487254/; classtype:trojan-activity;sid:84350354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.84.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487253/; classtype:trojan-activity;sid:84350353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.10.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487252/; classtype:trojan-activity;sid:84350352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.244.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487251/; classtype:trojan-activity;sid:84350351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487250/; classtype:trojan-activity;sid:84350350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487247/; classtype:trojan-activity;sid:84350347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.33.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487248/; classtype:trojan-activity;sid:84350348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487249/; classtype:trojan-activity;sid:84350349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.122.61.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487246/; classtype:trojan-activity;sid:84350346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487245/; classtype:trojan-activity;sid:84350345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.26.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487244/; classtype:trojan-activity;sid:84350344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.154.102.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487243/; classtype:trojan-activity;sid:84350343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.98.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487242/; classtype:trojan-activity;sid:84350342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487241/; classtype:trojan-activity;sid:84350341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487240)"; flow:established,from_client; content:"GET"; http_method; content:"/uelenka/supreme-spork/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487240/; classtype:trojan-activity;sid:84350340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487239)"; flow:established,from_client; content:"GET"; http_method; content:"/uelenka/supreme-spork/refs/heads/main/runtimebroker.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487239/; classtype:trojan-activity;sid:84350339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487238)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.uzuqed.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487238/; classtype:trojan-activity;sid:84350338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.87.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487237/; classtype:trojan-activity;sid:84350337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.112.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487236/; classtype:trojan-activity;sid:84350336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487235/; classtype:trojan-activity;sid:84350335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.39.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487234/; classtype:trojan-activity;sid:84350334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.244.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487233/; classtype:trojan-activity;sid:84350333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487232)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/mytestfile.pdf.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.133.61.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487232/; classtype:trojan-activity;sid:84350332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.27.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487231/; classtype:trojan-activity;sid:84350331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.42.150.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487230/; classtype:trojan-activity;sid:84350330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.167.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487229/; classtype:trojan-activity;sid:84350329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487228/; classtype:trojan-activity;sid:84350328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.251.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487227/; classtype:trojan-activity;sid:84350327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.42.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487226/; classtype:trojan-activity;sid:84350326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487225/; classtype:trojan-activity;sid:84350325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.36.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487224/; classtype:trojan-activity;sid:84350324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487222/; classtype:trojan-activity;sid:84350322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487223)"; flow:established,from_client; content:"GET"; http_method; content:"/d9fg2f0dr8.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487223/; classtype:trojan-activity;sid:84350323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.14.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487221/; classtype:trojan-activity;sid:84350321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.167.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487220/; classtype:trojan-activity;sid:84350320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.191.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487219/; classtype:trojan-activity;sid:84350319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487218/; classtype:trojan-activity;sid:84350318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487216)"; flow:established,from_client; content:"GET"; http_method; content:"/godlybinsniggayoucantcrackthesebitch11111222268.sh"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487216/; classtype:trojan-activity;sid:84350316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487217)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487217/; classtype:trojan-activity;sid:84350317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487209)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487209/; classtype:trojan-activity;sid:84350309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487210)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/i486"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487210/; classtype:trojan-activity;sid:84350310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487211)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487211/; classtype:trojan-activity;sid:84350311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487212)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487212/; classtype:trojan-activity;sid:84350312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487213)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487213/; classtype:trojan-activity;sid:84350313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487214)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487214/; classtype:trojan-activity;sid:84350314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487215)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487215/; classtype:trojan-activity;sid:84350315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487208)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ugodat.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487208/; classtype:trojan-activity;sid:84350308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487207)"; flow:established,from_client; content:"GET"; http_method; content:"/goongangontop/arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.98.51.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487207/; classtype:trojan-activity;sid:84350307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.32.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487206/; classtype:trojan-activity;sid:84350306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.52.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487205/; classtype:trojan-activity;sid:84350305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.pthkpan.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487202/; classtype:trojan-activity;sid:84350302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"nospws.innoxiously.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487203/; classtype:trojan-activity;sid:84350303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"acc.vujhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487204/; classtype:trojan-activity;sid:84350304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"onyxwatchdog.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487190/; classtype:trojan-activity;sid:84350290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bwg-kundendaten.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487191/; classtype:trojan-activity;sid:84350291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"iu-pks.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487192/; classtype:trojan-activity;sid:84350292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.prmahelp.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487193/; classtype:trojan-activity;sid:84350293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"kasin22.zapto.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487194/; classtype:trojan-activity;sid:84350294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.okhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487195/; classtype:trojan-activity;sid:84350295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"wzuhelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487196/; classtype:trojan-activity;sid:84350296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.lrjhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487197/; classtype:trojan-activity;sid:84350297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"mzwuzd.screenvconnects.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487198/; classtype:trojan-activity;sid:84350298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.opnhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487199/; classtype:trojan-activity;sid:84350299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.lrjhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487200/; classtype:trojan-activity;sid:84350300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cs3699log.dlmhelp.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487201/; classtype:trojan-activity;sid:84350301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"spockosw.innoxiously.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487183/; classtype:trojan-activity;sid:84350283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.mr26pan.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487184/; classtype:trojan-activity;sid:84350284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"gmthelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487185/; classtype:trojan-activity;sid:84350285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487186/; classtype:trojan-activity;sid:84350286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.wpahelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487187/; classtype:trojan-activity;sid:84350287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"qprt6-uy.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487188/; classtype:trojan-activity;sid:84350288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"zantmi.innoxiously.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487189/; classtype:trojan-activity;sid:84350289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"sisngl21a.ddns.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487180/; classtype:trojan-activity;sid:84350280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"bvft221.ddns.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487181/; classtype:trojan-activity;sid:84350281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.opnhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487182/; classtype:trojan-activity;sid:84350282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vjhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487177/; classtype:trojan-activity;sid:84350277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"natbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487178/; classtype:trojan-activity;sid:84350278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.fphelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487179/; classtype:trojan-activity;sid:84350279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"fmt2as.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487176/; classtype:trojan-activity;sid:84350276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.238.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487175/; classtype:trojan-activity;sid:84350275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487174/; classtype:trojan-activity;sid:84350274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487173)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.alosym.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487173/; classtype:trojan-activity;sid:84350273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.31.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487172/; classtype:trojan-activity;sid:84350272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.50.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487171/; classtype:trojan-activity;sid:84350271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487170/; classtype:trojan-activity;sid:84350270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.52.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487169/; classtype:trojan-activity;sid:84350269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.72.182.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487168/; classtype:trojan-activity;sid:84350268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487167)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.equcym.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487167/; classtype:trojan-activity;sid:84350267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487166)"; flow:established,from_client; content:"GET"; http_method; content:"/rvj600pbx9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.issuingdingbat.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487166/; classtype:trojan-activity;sid:84350266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.35.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487163/; classtype:trojan-activity;sid:84350263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.238.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487164/; classtype:trojan-activity;sid:84350264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.36.174.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487165/; classtype:trojan-activity;sid:84350265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.31.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487162/; classtype:trojan-activity;sid:84350262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487161)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/downloads/zoom.clientsetup_v0564.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.zoommeetspace.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487161/; classtype:trojan-activity;sid:84350261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487160)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoominstallerfull.sh"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"zoom-meet-live.carriebrigham-c.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487160/; classtype:trojan-activity;sid:84350260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487156)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoominstallerfull.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.zoommeetplace.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487156/; classtype:trojan-activity;sid:84350256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487157)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoom.clientsetupv-204827038.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.wesco-distributors.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487157/; classtype:trojan-activity;sid:84350257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487158)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/downloads/zoom.clientsetup_v0564.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.periqi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487158/; classtype:trojan-activity;sid:84350258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487159)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoominstallerfull.sh"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www.zoommeetplace.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487159/; classtype:trojan-activity;sid:84350259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487154)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoominstallerfull.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"zoom-meet-live.carriebrigham-c.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487154/; classtype:trojan-activity;sid:84350254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487155)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/zoom.clientsetupv-204827038.pkg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.wesco-distributors.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487155/; classtype:trojan-activity;sid:84350255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.67.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487153/; classtype:trojan-activity;sid:84350253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.10.117.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487152/; classtype:trojan-activity;sid:84350252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487151)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ohuxah.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487151/; classtype:trojan-activity;sid:84350251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.36.174.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487150/; classtype:trojan-activity;sid:84350250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487149/; classtype:trojan-activity;sid:84350249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.32.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487148/; classtype:trojan-activity;sid:84350248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.121.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487147/; classtype:trojan-activity;sid:84350247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487146/; classtype:trojan-activity;sid:84350246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.225.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487145/; classtype:trojan-activity;sid:84350245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.67.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487144/; classtype:trojan-activity;sid:84350244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487140)"; flow:established,from_client; content:"GET"; http_method; content:"/drea4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487140/; classtype:trojan-activity;sid:84350240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487141)"; flow:established,from_client; content:"GET"; http_method; content:"/vjwe68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487141/; classtype:trojan-activity;sid:84350241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487142)"; flow:established,from_client; content:"GET"; http_method; content:"/efjepc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487142/; classtype:trojan-activity;sid:84350242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487143)"; flow:established,from_client; content:"GET"; http_method; content:"/weje64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487143/; classtype:trojan-activity;sid:84350243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487130)"; flow:established,from_client; content:"GET"; http_method; content:"/bejv86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487130/; classtype:trojan-activity;sid:84350230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487131)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487131/; classtype:trojan-activity;sid:84350231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487132)"; flow:established,from_client; content:"GET"; http_method; content:"/vejfa5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487132/; classtype:trojan-activity;sid:84350232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487133)"; flow:established,from_client; content:"GET"; http_method; content:"/rjfe686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487133/; classtype:trojan-activity;sid:84350233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487134)"; flow:established,from_client; content:"GET"; http_method; content:"/jfeeps"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487134/; classtype:trojan-activity;sid:84350234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487135)"; flow:established,from_client; content:"GET"; http_method; content:"/rrrdsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487135/; classtype:trojan-activity;sid:84350235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487136)"; flow:established,from_client; content:"GET"; http_method; content:"/eehah4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487136/; classtype:trojan-activity;sid:84350236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487137)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487137/; classtype:trojan-activity;sid:84350237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487138)"; flow:established,from_client; content:"GET"; http_method; content:"/efefa7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487138/; classtype:trojan-activity;sid:84350238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487139)"; flow:established,from_client; content:"GET"; http_method; content:"/efea6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.134.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487139/; classtype:trojan-activity;sid:84350239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.236.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487129/; classtype:trojan-activity;sid:84350229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.187.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487128/; classtype:trojan-activity;sid:84350228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.150.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487127/; classtype:trojan-activity;sid:84350227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487126/; classtype:trojan-activity;sid:84350226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487125)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ugarob.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487125/; classtype:trojan-activity;sid:84350225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.35.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487124/; classtype:trojan-activity;sid:84350224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487123)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487123/; classtype:trojan-activity;sid:84350223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.253.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487122/; classtype:trojan-activity;sid:84350222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487111)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487111/; classtype:trojan-activity;sid:84350211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487112)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487112/; classtype:trojan-activity;sid:84350212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487113)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487113/; classtype:trojan-activity;sid:84350213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487114)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487114/; classtype:trojan-activity;sid:84350214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487115)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487115/; classtype:trojan-activity;sid:84350215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487116)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487116/; classtype:trojan-activity;sid:84350216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487117)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487117/; classtype:trojan-activity;sid:84350217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487118)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487118/; classtype:trojan-activity;sid:84350218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487119)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487119/; classtype:trojan-activity;sid:84350219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487120)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487120/; classtype:trojan-activity;sid:84350220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487121)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487121/; classtype:trojan-activity;sid:84350221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.217.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487110/; classtype:trojan-activity;sid:84350210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487109/; classtype:trojan-activity;sid:84350209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487108)"; flow:established,from_client; content:"GET"; http_method; content:"/p6nkjo2eyg.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487108/; classtype:trojan-activity;sid:84350208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.98.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487107/; classtype:trojan-activity;sid:84350207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.196.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487106/; classtype:trojan-activity;sid:84350206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.225.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487105/; classtype:trojan-activity;sid:84350205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487104/; classtype:trojan-activity;sid:84350204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487100)"; flow:established,from_client; content:"GET"; http_method; content:"/kschcuck/sub/blob/main/vbs_persist.vbs"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487100/; classtype:trojan-activity;sid:84350200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487101)"; flow:established,from_client; content:"GET"; http_method; content:"/kschcuck/sub/refs/heads/main/vbs_persist.vbs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487101/; classtype:trojan-activity;sid:84350201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487102)"; flow:established,from_client; content:"GET"; http_method; content:"/kschcuck/sub/blob/main/microsoft_credz.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487102/; classtype:trojan-activity;sid:84350202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487103)"; flow:established,from_client; content:"GET"; http_method; content:"/kschcuck/sub/refs/heads/main/microsoft_credz.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487103/; classtype:trojan-activity;sid:84350203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.17.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487099/; classtype:trojan-activity;sid:84350199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487098)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/sdr.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487098/; classtype:trojan-activity;sid:84350198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487091)"; flow:established,from_client; content:"GET"; http_method; content:"/750413b4e6897a671bc759e04597952a0be747830189873b.xlsm"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"h1.yyoiy.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487091/; classtype:trojan-activity;sid:84350191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487092)"; flow:established,from_client; content:"GET"; http_method; content:"/087296f1dee69c2624b2eddca0f347c520eb5afc96080203.vstm"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"h3.yyoiy.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487092/; classtype:trojan-activity;sid:84350192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487093)"; flow:established,from_client; content:"GET"; http_method; content:"/a55fee51fe469b7ed4f23ef3753b380fb548d65f40306962.pptm"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"i.yeaio.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487093/; classtype:trojan-activity;sid:84350193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487094)"; flow:established,from_client; content:"GET"; http_method; content:"/abunaj3/abjjd/releases/download/2/2.mp3"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487094/; classtype:trojan-activity;sid:84350194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487095)"; flow:established,from_client; content:"GET"; http_method; content:"/7fbe5fb3ba958a77f17d1d400555809e71d86fe8999830c1.wpd"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"h2.yyoiy.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487095/; classtype:trojan-activity;sid:84350195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487096)"; flow:established,from_client; content:"GET"; http_method; content:"/forgot.mp3"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hxptlqrz.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487096/; classtype:trojan-activity;sid:84350196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487089)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/skd.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487089/; classtype:trojan-activity;sid:84350189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487090)"; flow:established,from_client; content:"GET"; http_method; content:"/mysteriousplay.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kiserman.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487090/; classtype:trojan-activity;sid:84350190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487087)"; flow:established,from_client; content:"GET"; http_method; content:"/0926160888/casualstockscript/releases/download/3.9.6/release.3.9.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487087/; classtype:trojan-activity;sid:84350187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487088)"; flow:established,from_client; content:"GET"; http_method; content:"/sasikaanoj/roblox-fisch-script/releases/download/v2.0.4/robloxfischscript_v204.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487088/; classtype:trojan-activity;sid:84350188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487086)"; flow:established,from_client; content:"GET"; http_method; content:"/file2.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bossmart.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487086/; classtype:trojan-activity;sid:84350186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487083)"; flow:established,from_client; content:"GET"; http_method; content:"/chenjee/roblox-scriptify/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487083/; classtype:trojan-activity;sid:84350183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487084)"; flow:established,from_client; content:"GET"; http_method; content:"/file3.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boomingdeals.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487084/; classtype:trojan-activity;sid:84350184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487085)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/rcpro.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487085/; classtype:trojan-activity;sid:84350185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487079)"; flow:established,from_client; content:"GET"; http_method; content:"/test/exe/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.93.20.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487079/; classtype:trojan-activity;sid:84350179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487080)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487080/; classtype:trojan-activity;sid:84350180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487081)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.40.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487081/; classtype:trojan-activity;sid:84350181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487082)"; flow:established,from_client; content:"GET"; http_method; content:"/zenn000000/roblox-moon/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487082/; classtype:trojan-activity;sid:84350182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487070)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/lap97.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487070/; classtype:trojan-activity;sid:84350170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487071)"; flow:established,from_client; content:"GET"; http_method; content:"/pass-this-security-check.html|3f|x-amz-algorithm=aws4-hmac-sha256|7c|26|7c|x-amz-credential=tid_owfotar_bvllqauqxydagairnaxtlhnpofpufoexvrdegfssju%2f20250322%2fauto%2fs3%2faws4_request|7c|26|7c|x-amz-date=20250322t122115z|7c|26|7c|x-amz-expires=518400|7c|26|7c|x-amz-signedheaders=host|7c|26|7c|x-amz-signature=c6604863941a9754d294ca78766e9cc92ff578ad4a1e9b26a92c01cfab7a8e8f"; http_uri; depth:376; isdataat:!1,relative; nocase; content:"default-web-security.fly.storage.tigris.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487071/; classtype:trojan-activity;sid:84350171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487072)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/sp/1908.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487072/; classtype:trojan-activity;sid:84350172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487073)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/sp/1909.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487073/; classtype:trojan-activity;sid:84350173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487074)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/dsl.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487074/; classtype:trojan-activity;sid:84350174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487075)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/1909.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487075/; classtype:trojan-activity;sid:84350175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487076)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/1908.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487076/; classtype:trojan-activity;sid:84350176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487077)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/rclight.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487077/; classtype:trojan-activity;sid:84350177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487078)"; flow:established,from_client; content:"GET"; http_method; content:"/up/uploads/file.bat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.91.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487078/; classtype:trojan-activity;sid:84350178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487068)"; flow:established,from_client; content:"GET"; http_method; content:"/2.mp3"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pub-8cc19ee7f6db401b873bdd6baa90c5c2.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487068/; classtype:trojan-activity;sid:84350168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487067)"; flow:established,from_client; content:"GET"; http_method; content:"/ejnntse.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"twitch.cheap"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487067/; classtype:trojan-activity;sid:84350167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487066)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/startappit.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"updateappdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487066/; classtype:trojan-activity;sid:84350166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487064)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"uplstack-protect.netlify.app"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487064/; classtype:trojan-activity;sid:84350164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487065)"; flow:established,from_client; content:"GET"; http_method; content:"/road/222.html"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"smarthomecookingtools.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487065/; classtype:trojan-activity;sid:84350165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487062)"; flow:established,from_client; content:"GET"; http_method; content:"/reader/build104.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.93.20.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487062/; classtype:trojan-activity;sid:84350162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487063)"; flow:established,from_client; content:"GET"; http_method; content:"/003/01/d1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.168.28.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487063/; classtype:trojan-activity;sid:84350163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.177.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487061/; classtype:trojan-activity;sid:84350161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487060/; classtype:trojan-activity;sid:84350160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.217.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487059/; classtype:trojan-activity;sid:84350159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.17.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487058/; classtype:trojan-activity;sid:84350158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.177.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487057/; classtype:trojan-activity;sid:84350157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487056/; classtype:trojan-activity;sid:84350156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.196.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487055/; classtype:trojan-activity;sid:84350155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.111.98.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487054/; classtype:trojan-activity;sid:84350154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487053/; classtype:trojan-activity;sid:84350153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487052)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487052/; classtype:trojan-activity;sid:84350152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487048)"; flow:established,from_client; content:"GET"; http_method; content:"/iueghfjfxc.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487048/; classtype:trojan-activity;sid:84350148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487049)"; flow:established,from_client; content:"GET"; http_method; content:"/2zdz888kme.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487049/; classtype:trojan-activity;sid:84350149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487050)"; flow:established,from_client; content:"GET"; http_method; content:"/fnclocgo1s.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487050/; classtype:trojan-activity;sid:84350150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487051)"; flow:established,from_client; content:"GET"; http_method; content:"/o634qa4nta.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487051/; classtype:trojan-activity;sid:84350151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487036)"; flow:established,from_client; content:"GET"; http_method; content:"/0e2yez3naj.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487036/; classtype:trojan-activity;sid:84350136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487037)"; flow:established,from_client; content:"GET"; http_method; content:"/7dmej2tbdz.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487037/; classtype:trojan-activity;sid:84350137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487038)"; flow:established,from_client; content:"GET"; http_method; content:"/4vetwd26w0.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487038/; classtype:trojan-activity;sid:84350138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487039)"; flow:established,from_client; content:"GET"; http_method; content:"/9jhgm4gao6.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487039/; classtype:trojan-activity;sid:84350139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487040)"; flow:established,from_client; content:"GET"; http_method; content:"/tam21vjt3g.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487040/; classtype:trojan-activity;sid:84350140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487041)"; flow:established,from_client; content:"GET"; http_method; content:"/fqcj89uxe1.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487041/; classtype:trojan-activity;sid:84350141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487042)"; flow:established,from_client; content:"GET"; http_method; content:"/8twojl66ch.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487042/; classtype:trojan-activity;sid:84350142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487043)"; flow:established,from_client; content:"GET"; http_method; content:"/iqdwjvguww.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487043/; classtype:trojan-activity;sid:84350143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487044)"; flow:established,from_client; content:"GET"; http_method; content:"/hofhu533ek.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487044/; classtype:trojan-activity;sid:84350144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487045)"; flow:established,from_client; content:"GET"; http_method; content:"/kbt9pbq2qr.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487045/; classtype:trojan-activity;sid:84350145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487046)"; flow:established,from_client; content:"GET"; http_method; content:"/iz4ps4liac.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487046/; classtype:trojan-activity;sid:84350146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487047)"; flow:established,from_client; content:"GET"; http_method; content:"/dm3oriol9j.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487047/; classtype:trojan-activity;sid:84350147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487027)"; flow:established,from_client; content:"GET"; http_method; content:"/45q4hywmi7.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487027/; classtype:trojan-activity;sid:84350127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487028)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c0yzr2ng.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487028/; classtype:trojan-activity;sid:84350128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487029)"; flow:established,from_client; content:"GET"; http_method; content:"/zywmy14kiq.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487029/; classtype:trojan-activity;sid:84350129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487030)"; flow:established,from_client; content:"GET"; http_method; content:"/pn4pjp1h20.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487030/; classtype:trojan-activity;sid:84350130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487031)"; flow:established,from_client; content:"GET"; http_method; content:"/smppqcrzun.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487031/; classtype:trojan-activity;sid:84350131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487032)"; flow:established,from_client; content:"GET"; http_method; content:"/gbaxvthz7e.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487032/; classtype:trojan-activity;sid:84350132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487033)"; flow:established,from_client; content:"GET"; http_method; content:"/0pjqp722r8.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487033/; classtype:trojan-activity;sid:84350133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487034)"; flow:established,from_client; content:"GET"; http_method; content:"/3pxblqlrcc.mp3/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487034/; classtype:trojan-activity;sid:84350134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487035)"; flow:established,from_client; content:"GET"; http_method; content:"/kbt9pbq2qr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487035/; classtype:trojan-activity;sid:84350135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.10.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487026/; classtype:trojan-activity;sid:84350126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.116.170.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487024/; classtype:trojan-activity;sid:84350124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487025/; classtype:trojan-activity;sid:84350125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.170.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487023/; classtype:trojan-activity;sid:84350123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.154.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487022/; classtype:trojan-activity;sid:84350122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487021/; classtype:trojan-activity;sid:84350121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487020/; classtype:trojan-activity;sid:84350120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.45.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487019/; classtype:trojan-activity;sid:84350119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.90.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487018/; classtype:trojan-activity;sid:84350118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487017)"; flow:established,from_client; content:"GET"; http_method; content:"/w9ldo6spgy.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487017/; classtype:trojan-activity;sid:84350117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.138.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487015/; classtype:trojan-activity;sid:84350115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.175.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487016/; classtype:trojan-activity;sid:84350116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.42.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487014/; classtype:trojan-activity;sid:84350114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.4.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487013/; classtype:trojan-activity;sid:84350113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487012/; classtype:trojan-activity;sid:84350112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.10.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487011/; classtype:trojan-activity;sid:84350111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.57.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487010/; classtype:trojan-activity;sid:84350110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.121.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487009/; classtype:trojan-activity;sid:84350109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.133.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487008/; classtype:trojan-activity;sid:84350108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.154.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487007/; classtype:trojan-activity;sid:84350107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487006/; classtype:trojan-activity;sid:84350106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487005/; classtype:trojan-activity;sid:84350105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.127.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487004/; classtype:trojan-activity;sid:84350104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.74.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487003/; classtype:trojan-activity;sid:84350103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.138.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487002/; classtype:trojan-activity;sid:84350102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.58.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487001/; classtype:trojan-activity;sid:84350101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487000/; classtype:trojan-activity;sid:84350100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.175.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486999/; classtype:trojan-activity;sid:84350099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.74.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486998/; classtype:trojan-activity;sid:84350098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.188.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486996/; classtype:trojan-activity;sid:84350096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.121.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486997/; classtype:trojan-activity;sid:84350097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486994/; classtype:trojan-activity;sid:84350094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.57.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486995/; classtype:trojan-activity;sid:84350095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486993/; classtype:trojan-activity;sid:84350093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.45.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486992/; classtype:trojan-activity;sid:84350092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.53.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486991/; classtype:trojan-activity;sid:84350091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486990/; classtype:trojan-activity;sid:84350090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.69.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486989/; classtype:trojan-activity;sid:84350089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.57.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486988/; classtype:trojan-activity;sid:84350088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.58.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486987/; classtype:trojan-activity;sid:84350087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486986)"; flow:established,from_client; content:"GET"; http_method; content:"/gbaxvthz7e.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486986/; classtype:trojan-activity;sid:84350086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.133.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486985/; classtype:trojan-activity;sid:84350085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.30.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486984/; classtype:trojan-activity;sid:84350084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.112.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486983/; classtype:trojan-activity;sid:84350083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.23.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486980/; classtype:trojan-activity;sid:84350080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486981/; classtype:trojan-activity;sid:84350081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.69.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486982/; classtype:trojan-activity;sid:84350082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.53.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486979/; classtype:trojan-activity;sid:84350079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.160.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486978/; classtype:trojan-activity;sid:84350078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486977)"; flow:established,from_client; content:"GET"; http_method; content:"/ta.msi"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"healthy-deemed-essays-opens.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486977/; classtype:trojan-activity;sid:84350077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486975)"; flow:established,from_client; content:"GET"; http_method; content:"/1ysnaghsa/re_0639273740212.pdf.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"healthy-deemed-essays-opens.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486975/; classtype:trojan-activity;sid:84350075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486976)"; flow:established,from_client; content:"GET"; http_method; content:"/2ysnahsjajd/re_00740936439473.pdf.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"healthy-deemed-essays-opens.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486976/; classtype:trojan-activity;sid:84350076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486974)"; flow:established,from_client; content:"GET"; http_method; content:"/mp3.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"healthy-deemed-essays-opens.trycloudflare.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486974/; classtype:trojan-activity;sid:84350074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.156.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486973/; classtype:trojan-activity;sid:84350073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.112.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486972/; classtype:trojan-activity;sid:84350072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.23.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486971/; classtype:trojan-activity;sid:84350071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.150.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486969/; classtype:trojan-activity;sid:84350069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.233.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486970/; classtype:trojan-activity;sid:84350070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486968/; classtype:trojan-activity;sid:84350068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.227.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486967/; classtype:trojan-activity;sid:84350067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486966/; classtype:trojan-activity;sid:84350066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486965)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/installer.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"parallels.ltd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486965/; classtype:trojan-activity;sid:84350065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.156.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486964/; classtype:trojan-activity;sid:84350064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.126.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486963/; classtype:trojan-activity;sid:84350063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.205.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486962/; classtype:trojan-activity;sid:84350062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.150.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486961/; classtype:trojan-activity;sid:84350061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.233.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486960/; classtype:trojan-activity;sid:84350060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486959)"; flow:established,from_client; content:"GET"; http_method; content:"/iqdwjvguww.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486959/; classtype:trojan-activity;sid:84350059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486958/; classtype:trojan-activity;sid:84350058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.227.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486957/; classtype:trojan-activity;sid:84350057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.165.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486956/; classtype:trojan-activity;sid:84350056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486954/; classtype:trojan-activity;sid:84350054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486955/; classtype:trojan-activity;sid:84350055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486950/; classtype:trojan-activity;sid:84350050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486951/; classtype:trojan-activity;sid:84350051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486952/; classtype:trojan-activity;sid:84350052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486953/; classtype:trojan-activity;sid:84350053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.81.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486948/; classtype:trojan-activity;sid:84350048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.84.139.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486949/; classtype:trojan-activity;sid:84350049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.8.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486947/; classtype:trojan-activity;sid:84350047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.224.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486946/; classtype:trojan-activity;sid:84350046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.33.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486945/; classtype:trojan-activity;sid:84350045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.235.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486944/; classtype:trojan-activity;sid:84350044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.117.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486943/; classtype:trojan-activity;sid:84350043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.202.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486942/; classtype:trojan-activity;sid:84350042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.83.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486941/; classtype:trojan-activity;sid:84350041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.126.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486940/; classtype:trojan-activity;sid:84350040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.165.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486939/; classtype:trojan-activity;sid:84350039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.0.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486938/; classtype:trojan-activity;sid:84350038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.33.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486937/; classtype:trojan-activity;sid:84350037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486936/; classtype:trojan-activity;sid:84350036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.97.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486935/; classtype:trojan-activity;sid:84350035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.32.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486934/; classtype:trojan-activity;sid:84350034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.92.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486933/; classtype:trojan-activity;sid:84350033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486932/; classtype:trojan-activity;sid:84350032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.159.91.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486930/; classtype:trojan-activity;sid:84350030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.3.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486931/; classtype:trojan-activity;sid:84350031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.187.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486928/; classtype:trojan-activity;sid:84350028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486929)"; flow:established,from_client; content:"GET"; http_method; content:"/osaqogmxob.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486929/; classtype:trojan-activity;sid:84350029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.202.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486927/; classtype:trojan-activity;sid:84350027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.235.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486926/; classtype:trojan-activity;sid:84350026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.32.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486925/; classtype:trojan-activity;sid:84350025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.244.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486924/; classtype:trojan-activity;sid:84350024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.97.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486923/; classtype:trojan-activity;sid:84350023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.157.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486922/; classtype:trojan-activity;sid:84350022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486921/; classtype:trojan-activity;sid:84350021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.3.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486920/; classtype:trojan-activity;sid:84350020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.116.170.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486919/; classtype:trojan-activity;sid:84350019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.216.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486918/; classtype:trojan-activity;sid:84350018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.159.91.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486917/; classtype:trojan-activity;sid:84350017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.187.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486916/; classtype:trojan-activity;sid:84350016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486915/; classtype:trojan-activity;sid:84350015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486913/; classtype:trojan-activity;sid:84350013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.14.124"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486914/; classtype:trojan-activity;sid:84350014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.110.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486912/; classtype:trojan-activity;sid:84350012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.14.124"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486911/; classtype:trojan-activity;sid:84350011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.247.148.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486910/; classtype:trojan-activity;sid:84350010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.244.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486909/; classtype:trojan-activity;sid:84350009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486908/; classtype:trojan-activity;sid:84350008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486907/; classtype:trojan-activity;sid:84350007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.179.9.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486906/; classtype:trojan-activity;sid:84350006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.159.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486905/; classtype:trojan-activity;sid:84350005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486904/; classtype:trojan-activity;sid:84350004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.13.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486903/; classtype:trojan-activity;sid:84350003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.151.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486902/; classtype:trojan-activity;sid:84350002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.242.106.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486901/; classtype:trojan-activity;sid:84350001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486900)"; flow:established,from_client; content:"GET"; http_method; content:"/ew73q9rvx3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486900/; classtype:trojan-activity;sid:84350000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486898/; classtype:trojan-activity;sid:84349998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486899/; classtype:trojan-activity;sid:84349999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.177.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486897/; classtype:trojan-activity;sid:84349997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486895/; classtype:trojan-activity;sid:84349995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.174.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486896/; classtype:trojan-activity;sid:84349996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.0.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486894/; classtype:trojan-activity;sid:84349994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.159.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486893/; classtype:trojan-activity;sid:84349993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.165"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486892/; classtype:trojan-activity;sid:84349992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486891/; classtype:trojan-activity;sid:84349991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486890/; classtype:trojan-activity;sid:84349990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.107.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486889/; classtype:trojan-activity;sid:84349989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.179.9.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486888/; classtype:trojan-activity;sid:84349988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.13.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486887/; classtype:trojan-activity;sid:84349987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.125.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486886/; classtype:trojan-activity;sid:84349986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486885/; classtype:trojan-activity;sid:84349985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.174.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486884/; classtype:trojan-activity;sid:84349984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486883/; classtype:trojan-activity;sid:84349983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486882/; classtype:trojan-activity;sid:84349982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.0.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486881/; classtype:trojan-activity;sid:84349981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.25.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486880/; classtype:trojan-activity;sid:84349980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486879/; classtype:trojan-activity;sid:84349979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.159.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486878/; classtype:trojan-activity;sid:84349978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.56.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486876/; classtype:trojan-activity;sid:84349976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.100.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486877/; classtype:trojan-activity;sid:84349977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.3.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486875/; classtype:trojan-activity;sid:84349975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.125.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486874/; classtype:trojan-activity;sid:84349974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486873/; classtype:trojan-activity;sid:84349973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486872/; classtype:trojan-activity;sid:84349972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.112.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486871/; classtype:trojan-activity;sid:84349971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.100.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486870/; classtype:trojan-activity;sid:84349970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.152.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486869/; classtype:trojan-activity;sid:84349969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.3.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486868/; classtype:trojan-activity;sid:84349968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486867/; classtype:trojan-activity;sid:84349967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.3.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486866/; classtype:trojan-activity;sid:84349966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.201.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486865/; classtype:trojan-activity;sid:84349965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486864)"; flow:established,from_client; content:"GET"; http_method; content:"/87tn6hc3hc.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486864/; classtype:trojan-activity;sid:84349964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.16.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486863/; classtype:trojan-activity;sid:84349963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.100.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486862/; classtype:trojan-activity;sid:84349962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.112.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486861/; classtype:trojan-activity;sid:84349961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486859/; classtype:trojan-activity;sid:84349959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.77.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486860/; classtype:trojan-activity;sid:84349960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.16.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486858/; classtype:trojan-activity;sid:84349958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.158.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486856/; classtype:trojan-activity;sid:84349956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486857/; classtype:trojan-activity;sid:84349957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486854/; classtype:trojan-activity;sid:84349954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.203.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486855/; classtype:trojan-activity;sid:84349955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.105.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486853/; classtype:trojan-activity;sid:84349953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.2.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486852/; classtype:trojan-activity;sid:84349952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.125.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486851/; classtype:trojan-activity;sid:84349951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486850/; classtype:trojan-activity;sid:84349950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.95.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486849/; classtype:trojan-activity;sid:84349949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.147.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486848/; classtype:trojan-activity;sid:84349948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486847/; classtype:trojan-activity;sid:84349947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486846/; classtype:trojan-activity;sid:84349946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.1.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486845/; classtype:trojan-activity;sid:84349945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486843/; classtype:trojan-activity;sid:84349943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486844/; classtype:trojan-activity;sid:84349944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.72.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486842/; classtype:trojan-activity;sid:84349942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486841/; classtype:trojan-activity;sid:84349941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486834)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/consoleapp1.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486834/; classtype:trojan-activity;sid:84349934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486835)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/xclient2.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486835/; classtype:trojan-activity;sid:84349935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486836)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/encrypted.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486836/; classtype:trojan-activity;sid:84349936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486837)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/output_encrypted.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486837/; classtype:trojan-activity;sid:84349937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486838)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/loader_encrypted.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486838/; classtype:trojan-activity;sid:84349938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486839)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/xclient3.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486839/; classtype:trojan-activity;sid:84349939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486840)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/loader.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486840/; classtype:trojan-activity;sid:84349940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486833)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee-online/hodh009/downloads/output.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486833/; classtype:trojan-activity;sid:84349933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.155.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486832/; classtype:trojan-activity;sid:84349932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.3.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486831/; classtype:trojan-activity;sid:84349931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486823)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486823/; classtype:trojan-activity;sid:84349923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486824)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486824/; classtype:trojan-activity;sid:84349924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486825)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486825/; classtype:trojan-activity;sid:84349925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486826)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486826/; classtype:trojan-activity;sid:84349926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486827)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486827/; classtype:trojan-activity;sid:84349927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486828)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486828/; classtype:trojan-activity;sid:84349928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486829)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486829/; classtype:trojan-activity;sid:84349929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486830)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486830/; classtype:trojan-activity;sid:84349930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486822)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.121.13.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486822/; classtype:trojan-activity;sid:84349922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486819/; classtype:trojan-activity;sid:84349919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486820/; classtype:trojan-activity;sid:84349920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.236.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486821/; classtype:trojan-activity;sid:84349921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.140.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486818/; classtype:trojan-activity;sid:84349918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486806/; classtype:trojan-activity;sid:84349906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486807/; classtype:trojan-activity;sid:84349907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486808/; classtype:trojan-activity;sid:84349908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486809)"; flow:established,from_client; content:"GET"; http_method; content:"/phantom.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486809/; classtype:trojan-activity;sid:84349909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486810/; classtype:trojan-activity;sid:84349910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486811/; classtype:trojan-activity;sid:84349911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486812/; classtype:trojan-activity;sid:84349912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486813/; classtype:trojan-activity;sid:84349913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486814/; classtype:trojan-activity;sid:84349914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486815/; classtype:trojan-activity;sid:84349915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486816/; classtype:trojan-activity;sid:84349916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486817/; classtype:trojan-activity;sid:84349917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.245.211.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486805/; classtype:trojan-activity;sid:84349905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486804/; classtype:trojan-activity;sid:84349904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486803/; classtype:trojan-activity;sid:84349903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.6.209.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486802/; classtype:trojan-activity;sid:84349902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.213.175.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486801/; classtype:trojan-activity;sid:84349901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.18.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486800/; classtype:trojan-activity;sid:84349900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.249.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486799/; classtype:trojan-activity;sid:84349899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.18.196.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486798/; classtype:trojan-activity;sid:84349898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486797/; classtype:trojan-activity;sid:84349897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.81.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486791/; classtype:trojan-activity;sid:84349891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.239.196.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486792/; classtype:trojan-activity;sid:84349892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.47.103.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486793/; classtype:trojan-activity;sid:84349893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.101.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486794/; classtype:trojan-activity;sid:84349894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.34.29.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486795/; classtype:trojan-activity;sid:84349895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.176.73.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486796/; classtype:trojan-activity;sid:84349896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.166.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486780/; classtype:trojan-activity;sid:84349880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.188.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486781/; classtype:trojan-activity;sid:84349881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.219.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486782/; classtype:trojan-activity;sid:84349882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.12.53.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486783/; classtype:trojan-activity;sid:84349883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.18.229.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486784/; classtype:trojan-activity;sid:84349884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"131.100.34.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486785/; classtype:trojan-activity;sid:84349885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.184.123.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486786/; classtype:trojan-activity;sid:84349886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.47.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486787/; classtype:trojan-activity;sid:84349887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.100.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486788/; classtype:trojan-activity;sid:84349888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.196.99.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486789/; classtype:trojan-activity;sid:84349889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.149.223.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486790/; classtype:trojan-activity;sid:84349890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.119.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486777/; classtype:trojan-activity;sid:84349877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.41.214.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486778/; classtype:trojan-activity;sid:84349878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.143.49.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486779/; classtype:trojan-activity;sid:84349879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.231.18.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486773/; classtype:trojan-activity;sid:84349873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.29.232.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486774/; classtype:trojan-activity;sid:84349874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.44.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486775/; classtype:trojan-activity;sid:84349875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.71.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486776/; classtype:trojan-activity;sid:84349876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486771/; classtype:trojan-activity;sid:84349871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.47.211.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486772/; classtype:trojan-activity;sid:84349872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486769)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testo2.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"voozaak.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486769/; classtype:trojan-activity;sid:84349869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486770)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"voozaak.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486770/; classtype:trojan-activity;sid:84349870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486768)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/plplo5.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"voozaak.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486768/; classtype:trojan-activity;sid:84349868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.211.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486767/; classtype:trojan-activity;sid:84349867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486766)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.244.68.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486766/; classtype:trojan-activity;sid:84349866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486765)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.200.168.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486765/; classtype:trojan-activity;sid:84349865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.182.106.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486762/; classtype:trojan-activity;sid:84349862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"51.171.132.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486763/; classtype:trojan-activity;sid:84349863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486764)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.81.123.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486764/; classtype:trojan-activity;sid:84349864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.47.8.11"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486761/; classtype:trojan-activity;sid:84349861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486753)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.73.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486753/; classtype:trojan-activity;sid:84349853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.205.241.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486754/; classtype:trojan-activity;sid:84349854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.159.30.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486755/; classtype:trojan-activity;sid:84349855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486756)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"181.200.2.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486756/; classtype:trojan-activity;sid:84349856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486757/; classtype:trojan-activity;sid:84349857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486758)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.81.123.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486758/; classtype:trojan-activity;sid:84349858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486759)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.191.153.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486759/; classtype:trojan-activity;sid:84349859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.110.189.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486760/; classtype:trojan-activity;sid:84349860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.132.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486750/; classtype:trojan-activity;sid:84349850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486751)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.52.157.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486751/; classtype:trojan-activity;sid:84349851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486752)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.94.65.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486752/; classtype:trojan-activity;sid:84349852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.166.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486749/; classtype:trojan-activity;sid:84349849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.32.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486748/; classtype:trojan-activity;sid:84349848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.82.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486747/; classtype:trojan-activity;sid:84349847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486746/; classtype:trojan-activity;sid:84349846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.241.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486745/; classtype:trojan-activity;sid:84349845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.255.139.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486744/; classtype:trojan-activity;sid:84349844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486743/; classtype:trojan-activity;sid:84349843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486742/; classtype:trojan-activity;sid:84349842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.199.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486741/; classtype:trojan-activity;sid:84349841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.215.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486740/; classtype:trojan-activity;sid:84349840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.8.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486739/; classtype:trojan-activity;sid:84349839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.140.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486738/; classtype:trojan-activity;sid:84349838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.70.189.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486737/; classtype:trojan-activity;sid:84349837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.87.240.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486735/; classtype:trojan-activity;sid:84349835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486736/; classtype:trojan-activity;sid:84349836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486734)"; flow:established,from_client; content:"GET"; http_method; content:"/f503mlg6cf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486734/; classtype:trojan-activity;sid:84349834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.146.69.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486733/; classtype:trojan-activity;sid:84349833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486732/; classtype:trojan-activity;sid:84349832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.88.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486731/; classtype:trojan-activity;sid:84349831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.236.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486730/; classtype:trojan-activity;sid:84349830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.82.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486729/; classtype:trojan-activity;sid:84349829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.104.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486728/; classtype:trojan-activity;sid:84349828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486726)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486726/; classtype:trojan-activity;sid:84349826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486727)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486727/; classtype:trojan-activity;sid:84349827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486725)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486725/; classtype:trojan-activity;sid:84349825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486721)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486721/; classtype:trojan-activity;sid:84349821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486722)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486722/; classtype:trojan-activity;sid:84349822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486723)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486723/; classtype:trojan-activity;sid:84349823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486724)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486724/; classtype:trojan-activity;sid:84349824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.241.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486720/; classtype:trojan-activity;sid:84349820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486718)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486718/; classtype:trojan-activity;sid:84349818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486719)"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.32.162.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486719/; classtype:trojan-activity;sid:84349819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.232.3.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486717/; classtype:trojan-activity;sid:84349817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.34.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486716/; classtype:trojan-activity;sid:84349816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486715/; classtype:trojan-activity;sid:84349815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.236.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486714/; classtype:trojan-activity;sid:84349814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.87.240.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486713/; classtype:trojan-activity;sid:84349813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.197.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486712/; classtype:trojan-activity;sid:84349812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.0.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486711/; classtype:trojan-activity;sid:84349811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486710/; classtype:trojan-activity;sid:84349810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.154.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486709/; classtype:trojan-activity;sid:84349809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.91.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486708/; classtype:trojan-activity;sid:84349808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486707/; classtype:trojan-activity;sid:84349807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.104.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486706/; classtype:trojan-activity;sid:84349806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486705/; classtype:trojan-activity;sid:84349805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.56.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486704/; classtype:trojan-activity;sid:84349804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486703/; classtype:trojan-activity;sid:84349803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.3.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486702/; classtype:trojan-activity;sid:84349802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.34.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486701/; classtype:trojan-activity;sid:84349801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.0.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486700/; classtype:trojan-activity;sid:84349800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486699)"; flow:established,from_client; content:"GET"; http_method; content:"/71qrf5eoak.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486699/; classtype:trojan-activity;sid:84349799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.52.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486698/; classtype:trojan-activity;sid:84349798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.233.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486697/; classtype:trojan-activity;sid:84349797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486696/; classtype:trojan-activity;sid:84349796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.50.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486694/; classtype:trojan-activity;sid:84349794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.27.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486695/; classtype:trojan-activity;sid:84349795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.117.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486693/; classtype:trojan-activity;sid:84349793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.74.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486691/; classtype:trojan-activity;sid:84349791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.157.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486692/; classtype:trojan-activity;sid:84349792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486690/; classtype:trojan-activity;sid:84349790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486689/; classtype:trojan-activity;sid:84349789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.102.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486688/; classtype:trojan-activity;sid:84349788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.146.69.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486687/; classtype:trojan-activity;sid:84349787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.87.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486686/; classtype:trojan-activity;sid:84349786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.52.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486684/; classtype:trojan-activity;sid:84349784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.219.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486685/; classtype:trojan-activity;sid:84349785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.211.226.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486683/; classtype:trojan-activity;sid:84349783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.117.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486682/; classtype:trojan-activity;sid:84349782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.152.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486681/; classtype:trojan-activity;sid:84349781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.234.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486679/; classtype:trojan-activity;sid:84349779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.157.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486680/; classtype:trojan-activity;sid:84349780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.70.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486677/; classtype:trojan-activity;sid:84349777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.159.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486678/; classtype:trojan-activity;sid:84349778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.233.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486676/; classtype:trojan-activity;sid:84349776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.27.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486675/; classtype:trojan-activity;sid:84349775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.194.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486674/; classtype:trojan-activity;sid:84349774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.178.6.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486673/; classtype:trojan-activity;sid:84349773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.91.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486672/; classtype:trojan-activity;sid:84349772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.34.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486671/; classtype:trojan-activity;sid:84349771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.70.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486670/; classtype:trojan-activity;sid:84349770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486669/; classtype:trojan-activity;sid:84349769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486668/; classtype:trojan-activity;sid:84349768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.153.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486667/; classtype:trojan-activity;sid:84349767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486665/; classtype:trojan-activity;sid:84349765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.152.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486666/; classtype:trojan-activity;sid:84349766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486664/; classtype:trojan-activity;sid:84349764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.224.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486663/; classtype:trojan-activity;sid:84349763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486662)"; flow:established,from_client; content:"GET"; http_method; content:"/hofhu533ek.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486662/; classtype:trojan-activity;sid:84349762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.9.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486660/; classtype:trojan-activity;sid:84349760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.119.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486661/; classtype:trojan-activity;sid:84349761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486659/; classtype:trojan-activity;sid:84349759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.125.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486658/; classtype:trojan-activity;sid:84349758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.173.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486657/; classtype:trojan-activity;sid:84349757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.242.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486656/; classtype:trojan-activity;sid:84349756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.64.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486655/; classtype:trojan-activity;sid:84349755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.194.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486654/; classtype:trojan-activity;sid:84349754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486652/; classtype:trojan-activity;sid:84349752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486653/; classtype:trojan-activity;sid:84349753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486651/; classtype:trojan-activity;sid:84349751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.159.96.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486650/; classtype:trojan-activity;sid:84349750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486649/; classtype:trojan-activity;sid:84349749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.75.113.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486645/; classtype:trojan-activity;sid:84349745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.157.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486646/; classtype:trojan-activity;sid:84349746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.38.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486647/; classtype:trojan-activity;sid:84349747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.49.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486648/; classtype:trojan-activity;sid:84349748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.152.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486642/; classtype:trojan-activity;sid:84349742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486643/; classtype:trojan-activity;sid:84349743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486644/; classtype:trojan-activity;sid:84349744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.11.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486641/; classtype:trojan-activity;sid:84349741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.190.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486640/; classtype:trojan-activity;sid:84349740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.23.253.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486639/; classtype:trojan-activity;sid:84349739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.8.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486638/; classtype:trojan-activity;sid:84349738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3486637/; classtype:trojan-activity;sid:84349737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.2.132"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486636/; classtype:trojan-activity;sid:84349736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.91.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486635/; classtype:trojan-activity;sid:84349735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486634/; classtype:trojan-activity;sid:84349734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.153.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486633/; classtype:trojan-activity;sid:84349733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.25.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486632/; classtype:trojan-activity;sid:84349732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.189.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486631/; classtype:trojan-activity;sid:84349731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.234.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486630/; classtype:trojan-activity;sid:84349730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.80.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486629/; classtype:trojan-activity;sid:84349729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.178.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486628/; classtype:trojan-activity;sid:84349728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.64.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486627/; classtype:trojan-activity;sid:84349727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486626/; classtype:trojan-activity;sid:84349726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486625/; classtype:trojan-activity;sid:84349725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.119.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486624/; classtype:trojan-activity;sid:84349724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.20.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486623/; classtype:trojan-activity;sid:84349723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.16.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486622/; classtype:trojan-activity;sid:84349722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.27.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486621/; classtype:trojan-activity;sid:84349721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.219.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486620/; classtype:trojan-activity;sid:84349720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.25.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486619/; classtype:trojan-activity;sid:84349719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486618)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.73.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486618/; classtype:trojan-activity;sid:84349718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.189.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486617/; classtype:trojan-activity;sid:84349717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.156.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486614/; classtype:trojan-activity;sid:84349714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.7.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486615/; classtype:trojan-activity;sid:84349715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486616/; classtype:trojan-activity;sid:84349716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.109.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486613/; classtype:trojan-activity;sid:84349713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.43.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486611/; classtype:trojan-activity;sid:84349711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.245.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486612/; classtype:trojan-activity;sid:84349712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486610)"; flow:established,from_client; content:"GET"; http_method; content:"/0pjqp722r8.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486610/; classtype:trojan-activity;sid:84349710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486609/; classtype:trojan-activity;sid:84349709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.87.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486608/; classtype:trojan-activity;sid:84349708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.48.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486607/; classtype:trojan-activity;sid:84349707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.43.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486606/; classtype:trojan-activity;sid:84349706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486605/; classtype:trojan-activity;sid:84349705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.112.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486604/; classtype:trojan-activity;sid:84349704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.109.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486603/; classtype:trojan-activity;sid:84349703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.87.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486602/; classtype:trojan-activity;sid:84349702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486600/; classtype:trojan-activity;sid:84349700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.204.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486601/; classtype:trojan-activity;sid:84349701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.117.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486599/; classtype:trojan-activity;sid:84349699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.204.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486598/; classtype:trojan-activity;sid:84349698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.45.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486597/; classtype:trojan-activity;sid:84349697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.11.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486596/; classtype:trojan-activity;sid:84349696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.112.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486595/; classtype:trojan-activity;sid:84349695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.236.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486594/; classtype:trojan-activity;sid:84349694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486593)"; flow:established,from_client; content:"GET"; http_method; content:"/4vetwd26w0.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486593/; classtype:trojan-activity;sid:84349693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486592/; classtype:trojan-activity;sid:84349692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.45.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486591/; classtype:trojan-activity;sid:84349691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486590)"; flow:established,from_client; content:"GET"; http_method; content:"/gkeio"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spacefyu.today"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486590/; classtype:trojan-activity;sid:84349690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.11.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486589/; classtype:trojan-activity;sid:84349689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.121.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486588/; classtype:trojan-activity;sid:84349688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.105.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486586/; classtype:trojan-activity;sid:84349686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486587/; classtype:trojan-activity;sid:84349687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.85.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486585/; classtype:trojan-activity;sid:84349685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.151.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486584/; classtype:trojan-activity;sid:84349684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486583)"; flow:established,from_client; content:"GET"; http_method; content:"/54f93e4c9e4b381833ea400527326dbe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"asp.hankeringcrestedwrist.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486583/; classtype:trojan-activity;sid:84349683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486581/; classtype:trojan-activity;sid:84349681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.153.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486582/; classtype:trojan-activity;sid:84349682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.85.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486580/; classtype:trojan-activity;sid:84349680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486579)"; flow:established,from_client; content:"GET"; http_method; content:"/zywmy14kiq.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486579/; classtype:trojan-activity;sid:84349679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.64.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486578/; classtype:trojan-activity;sid:84349678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.134.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486576/; classtype:trojan-activity;sid:84349676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.112.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486577/; classtype:trojan-activity;sid:84349677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.169.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486575/; classtype:trojan-activity;sid:84349675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"130.45.95.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486574/; classtype:trojan-activity;sid:84349674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.158.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486573/; classtype:trojan-activity;sid:84349673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.91.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486572/; classtype:trojan-activity;sid:84349672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.148.103.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486571/; classtype:trojan-activity;sid:84349671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.43.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486570/; classtype:trojan-activity;sid:84349670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486569/; classtype:trojan-activity;sid:84349669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.54.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486568/; classtype:trojan-activity;sid:84349668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.155.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486567/; classtype:trojan-activity;sid:84349667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.135.17.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486566/; classtype:trojan-activity;sid:84349666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486565)"; flow:established,from_client; content:"GET"; http_method; content:"/tam21vjt3g.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486565/; classtype:trojan-activity;sid:84349665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.193.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486564/; classtype:trojan-activity;sid:84349664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.187.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486563/; classtype:trojan-activity;sid:84349663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486562/; classtype:trojan-activity;sid:84349662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.4.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486561/; classtype:trojan-activity;sid:84349661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.216.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486560/; classtype:trojan-activity;sid:84349660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.45.95.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486559/; classtype:trojan-activity;sid:84349659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.169.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486558/; classtype:trojan-activity;sid:84349658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.128.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486557/; classtype:trojan-activity;sid:84349657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.4.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486556/; classtype:trojan-activity;sid:84349656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.187.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486555/; classtype:trojan-activity;sid:84349655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486554/; classtype:trojan-activity;sid:84349654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.128.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486553/; classtype:trojan-activity;sid:84349653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.216.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486552/; classtype:trojan-activity;sid:84349652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486551)"; flow:established,from_client; content:"GET"; http_method; content:"//arm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486551/; classtype:trojan-activity;sid:84349651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.193.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486550/; classtype:trojan-activity;sid:84349650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.208.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486549/; classtype:trojan-activity;sid:84349649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.119.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486548/; classtype:trojan-activity;sid:84349648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486547/; classtype:trojan-activity;sid:84349647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486546)"; flow:established,from_client; content:"GET"; http_method; content:"/d39abmy9wy.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486546/; classtype:trojan-activity;sid:84349646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.206.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486545/; classtype:trojan-activity;sid:84349645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.159.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486544/; classtype:trojan-activity;sid:84349644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.96.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486543/; classtype:trojan-activity;sid:84349643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486542/; classtype:trojan-activity;sid:84349642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.87.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486541/; classtype:trojan-activity;sid:84349641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486540/; classtype:trojan-activity;sid:84349640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.221.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486537/; classtype:trojan-activity;sid:84349637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.245.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486538/; classtype:trojan-activity;sid:84349638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486539/; classtype:trojan-activity;sid:84349639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486535/; classtype:trojan-activity;sid:84349635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486536/; classtype:trojan-activity;sid:84349636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486534/; classtype:trojan-activity;sid:84349634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.159.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486533/; classtype:trojan-activity;sid:84349633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.155.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486532/; classtype:trojan-activity;sid:84349632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486531/; classtype:trojan-activity;sid:84349631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486530/; classtype:trojan-activity;sid:84349630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486529/; classtype:trojan-activity;sid:84349629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.250.17.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486528/; classtype:trojan-activity;sid:84349628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.87.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486527/; classtype:trojan-activity;sid:84349627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486525/; classtype:trojan-activity;sid:84349625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486526/; classtype:trojan-activity;sid:84349626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"97.81.149.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486524/; classtype:trojan-activity;sid:84349624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486523/; classtype:trojan-activity;sid:84349623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486522/; classtype:trojan-activity;sid:84349622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486521)"; flow:established,from_client; content:"GET"; http_method; content:"/45q4hywmi7.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486521/; classtype:trojan-activity;sid:84349621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486520/; classtype:trojan-activity;sid:84349620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.141.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486519/; classtype:trojan-activity;sid:84349619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486517/; classtype:trojan-activity;sid:84349617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486518/; classtype:trojan-activity;sid:84349618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486516/; classtype:trojan-activity;sid:84349616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.113.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486515/; classtype:trojan-activity;sid:84349615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.94.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486514/; classtype:trojan-activity;sid:84349614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486513/; classtype:trojan-activity;sid:84349613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486512/; classtype:trojan-activity;sid:84349612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"97.81.149.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486511/; classtype:trojan-activity;sid:84349611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.21.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486510/; classtype:trojan-activity;sid:84349610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486509/; classtype:trojan-activity;sid:84349609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486508/; classtype:trojan-activity;sid:84349608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.83.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486507/; classtype:trojan-activity;sid:84349607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486506/; classtype:trojan-activity;sid:84349606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.75.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486505/; classtype:trojan-activity;sid:84349605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.97.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486504/; classtype:trojan-activity;sid:84349604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.3.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486503/; classtype:trojan-activity;sid:84349603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486502/; classtype:trojan-activity;sid:84349602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.102.189.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486501/; classtype:trojan-activity;sid:84349601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.237.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486500/; classtype:trojan-activity;sid:84349600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.184.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486498/; classtype:trojan-activity;sid:84349598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486499)"; flow:established,from_client; content:"GET"; http_method; content:"/iueghfjfxc.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486499/; classtype:trojan-activity;sid:84349599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.97.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486497/; classtype:trojan-activity;sid:84349597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.75.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486496/; classtype:trojan-activity;sid:84349596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.3.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486495/; classtype:trojan-activity;sid:84349595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486494/; classtype:trojan-activity;sid:84349594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486483)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486483/; classtype:trojan-activity;sid:84349583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486484)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486484/; classtype:trojan-activity;sid:84349584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486485)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486485/; classtype:trojan-activity;sid:84349585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486486)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486486/; classtype:trojan-activity;sid:84349586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486487)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486487/; classtype:trojan-activity;sid:84349587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486488)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486488/; classtype:trojan-activity;sid:84349588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486489)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486489/; classtype:trojan-activity;sid:84349589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486490)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486490/; classtype:trojan-activity;sid:84349590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486491)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486491/; classtype:trojan-activity;sid:84349591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486492)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486492/; classtype:trojan-activity;sid:84349592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486493)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486493/; classtype:trojan-activity;sid:84349593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486482)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdiskwebdisk.webprocediweb.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486482/; classtype:trojan-activity;sid:84349582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.237.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486481/; classtype:trojan-activity;sid:84349581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.184.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486480/; classtype:trojan-activity;sid:84349580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.36.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486479/; classtype:trojan-activity;sid:84349579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486478/; classtype:trojan-activity;sid:84349578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486477/; classtype:trojan-activity;sid:84349577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.223.20.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486476/; classtype:trojan-activity;sid:84349576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.223.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486475/; classtype:trojan-activity;sid:84349575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.222.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486474/; classtype:trojan-activity;sid:84349574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486473)"; flow:established,from_client; content:"GET"; http_method; content:"/fqcj89uxe1.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486473/; classtype:trojan-activity;sid:84349573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486472/; classtype:trojan-activity;sid:84349572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486471/; classtype:trojan-activity;sid:84349571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486470/; classtype:trojan-activity;sid:84349570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486469/; classtype:trojan-activity;sid:84349569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.0.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486468/; classtype:trojan-activity;sid:84349568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486467/; classtype:trojan-activity;sid:84349567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.109.243.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486466/; classtype:trojan-activity;sid:84349566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.223.20.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486465/; classtype:trojan-activity;sid:84349565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.223.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486464/; classtype:trojan-activity;sid:84349564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.19.75.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486463/; classtype:trojan-activity;sid:84349563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.4.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486462/; classtype:trojan-activity;sid:84349562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.91.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486461/; classtype:trojan-activity;sid:84349561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.78.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486460/; classtype:trojan-activity;sid:84349560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.245.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486459/; classtype:trojan-activity;sid:84349559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.78.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486458/; classtype:trojan-activity;sid:84349558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.0.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486457/; classtype:trojan-activity;sid:84349557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486456/; classtype:trojan-activity;sid:84349556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486455/; classtype:trojan-activity;sid:84349555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.110.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486454/; classtype:trojan-activity;sid:84349554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.109.243.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486453/; classtype:trojan-activity;sid:84349553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.19.75.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486452/; classtype:trojan-activity;sid:84349552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486451/; classtype:trojan-activity;sid:84349551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486449)"; flow:established,from_client; content:"GET"; http_method; content:"/.jae/galt.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.39.70.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486449/; classtype:trojan-activity;sid:84349549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486450)"; flow:established,from_client; content:"GET"; http_method; content:"/.jae/galt.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.39.70.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486450/; classtype:trojan-activity;sid:84349550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486448)"; flow:established,from_client; content:"GET"; http_method; content:"/pn4pjp1h20.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486448/; classtype:trojan-activity;sid:84349548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.74.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486447/; classtype:trojan-activity;sid:84349547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486446/; classtype:trojan-activity;sid:84349546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.247.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486445/; classtype:trojan-activity;sid:84349545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486444/; classtype:trojan-activity;sid:84349544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.202.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486443/; classtype:trojan-activity;sid:84349543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486442/; classtype:trojan-activity;sid:84349542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486441/; classtype:trojan-activity;sid:84349541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.111.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486440/; classtype:trojan-activity;sid:84349540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486439/; classtype:trojan-activity;sid:84349539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486438/; classtype:trojan-activity;sid:84349538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.181.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486436/; classtype:trojan-activity;sid:84349536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486437/; classtype:trojan-activity;sid:84349537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486433/; classtype:trojan-activity;sid:84349533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486434/; classtype:trojan-activity;sid:84349534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.216.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486435/; classtype:trojan-activity;sid:84349535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.88.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486431/; classtype:trojan-activity;sid:84349531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.186.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486432/; classtype:trojan-activity;sid:84349532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.202.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486430/; classtype:trojan-activity;sid:84349530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486429)"; flow:established,from_client; content:"GET"; http_method; content:"/o634qa4nta.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486429/; classtype:trojan-activity;sid:84349529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486428/; classtype:trojan-activity;sid:84349528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.165.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486427/; classtype:trojan-activity;sid:84349527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.241.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486426/; classtype:trojan-activity;sid:84349526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.165.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486425/; classtype:trojan-activity;sid:84349525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.232.19.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486424/; classtype:trojan-activity;sid:84349524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.103.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486423/; classtype:trojan-activity;sid:84349523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486422/; classtype:trojan-activity;sid:84349522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.105.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486421/; classtype:trojan-activity;sid:84349521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.140.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486420/; classtype:trojan-activity;sid:84349520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.131.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486419/; classtype:trojan-activity;sid:84349519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486418/; classtype:trojan-activity;sid:84349518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.241.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486417/; classtype:trojan-activity;sid:84349517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486416/; classtype:trojan-activity;sid:84349516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486415/; classtype:trojan-activity;sid:84349515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.50.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486414/; classtype:trojan-activity;sid:84349514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.218.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486413/; classtype:trojan-activity;sid:84349513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.103.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486412/; classtype:trojan-activity;sid:84349512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486410)"; flow:established,from_client; content:"GET"; http_method; content:"/sl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.125.66.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486410/; classtype:trojan-activity;sid:84349510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486411)"; flow:established,from_client; content:"GET"; http_method; content:"/cb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.125.66.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486411/; classtype:trojan-activity;sid:84349511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486409)"; flow:established,from_client; content:"GET"; http_method; content:"/sb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.125.66.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486409/; classtype:trojan-activity;sid:84349509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486408)"; flow:established,from_client; content:"GET"; http_method; content:"/cl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.125.66.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486408/; classtype:trojan-activity;sid:84349508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.244.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486407/; classtype:trojan-activity;sid:84349507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486406)"; flow:established,from_client; content:"GET"; http_method; content:"/7dmej2tbdz.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486406/; classtype:trojan-activity;sid:84349506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.218.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486405/; classtype:trojan-activity;sid:84349505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.132.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486403/; classtype:trojan-activity;sid:84349503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486404/; classtype:trojan-activity;sid:84349504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486402/; classtype:trojan-activity;sid:84349502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.230.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486401/; classtype:trojan-activity;sid:84349501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486400/; classtype:trojan-activity;sid:84349500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.119.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486399/; classtype:trojan-activity;sid:84349499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.230.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486398/; classtype:trojan-activity;sid:84349498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.225"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486396/; classtype:trojan-activity;sid:84349496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486397/; classtype:trojan-activity;sid:84349497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.160.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486395/; classtype:trojan-activity;sid:84349495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.8.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486394/; classtype:trojan-activity;sid:84349494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.33.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486393/; classtype:trojan-activity;sid:84349493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.119.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486392/; classtype:trojan-activity;sid:84349492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486391/; classtype:trojan-activity;sid:84349491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486390)"; flow:established,from_client; content:"GET"; http_method; content:"/0e2yez3naj.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486390/; classtype:trojan-activity;sid:84349490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.112.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486389/; classtype:trojan-activity;sid:84349489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.160.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486388/; classtype:trojan-activity;sid:84349488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.151.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486387/; classtype:trojan-activity;sid:84349487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.85.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486385/; classtype:trojan-activity;sid:84349485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.35.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486386/; classtype:trojan-activity;sid:84349486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.66.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486384/; classtype:trojan-activity;sid:84349484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.151.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486383/; classtype:trojan-activity;sid:84349483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.117.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486381/; classtype:trojan-activity;sid:84349481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486382/; classtype:trojan-activity;sid:84349482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.112.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486380/; classtype:trojan-activity;sid:84349480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.88.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486379/; classtype:trojan-activity;sid:84349479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.8.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486378/; classtype:trojan-activity;sid:84349478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.176.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486377/; classtype:trojan-activity;sid:84349477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486376/; classtype:trojan-activity;sid:84349476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.239.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486375/; classtype:trojan-activity;sid:84349475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.207.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486374/; classtype:trojan-activity;sid:84349474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486373/; classtype:trojan-activity;sid:84349473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486372/; classtype:trojan-activity;sid:84349472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.85.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486371/; classtype:trojan-activity;sid:84349471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.194.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486370/; classtype:trojan-activity;sid:84349470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.176.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486369/; classtype:trojan-activity;sid:84349469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.233.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486368/; classtype:trojan-activity;sid:84349468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.114.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486367/; classtype:trojan-activity;sid:84349467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.239.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486366/; classtype:trojan-activity;sid:84349466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486365/; classtype:trojan-activity;sid:84349465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486363/; classtype:trojan-activity;sid:84349463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.223.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486364/; classtype:trojan-activity;sid:84349464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486362/; classtype:trojan-activity;sid:84349462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486361/; classtype:trojan-activity;sid:84349461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.0.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486360/; classtype:trojan-activity;sid:84349460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486359/; classtype:trojan-activity;sid:84349459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486357/; classtype:trojan-activity;sid:84349457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.13.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486358/; classtype:trojan-activity;sid:84349458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.211.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486356/; classtype:trojan-activity;sid:84349456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.86.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486355/; classtype:trojan-activity;sid:84349455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486354/; classtype:trojan-activity;sid:84349454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.252.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486352/; classtype:trojan-activity;sid:84349452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.152.9.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486353/; classtype:trojan-activity;sid:84349453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.124.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486351/; classtype:trojan-activity;sid:84349451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486350)"; flow:established,from_client; content:"GET"; http_method; content:"/udftkvy0qi.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486350/; classtype:trojan-activity;sid:84349450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.221.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486349/; classtype:trojan-activity;sid:84349449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.66.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486348/; classtype:trojan-activity;sid:84349448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486347/; classtype:trojan-activity;sid:84349447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.194.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486346/; classtype:trojan-activity;sid:84349446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.114.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486345/; classtype:trojan-activity;sid:84349445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.208.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486344/; classtype:trojan-activity;sid:84349444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486342/; classtype:trojan-activity;sid:84349442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486343/; classtype:trojan-activity;sid:84349443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.198.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486341/; classtype:trojan-activity;sid:84349441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.61.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486340/; classtype:trojan-activity;sid:84349440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.82.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486339/; classtype:trojan-activity;sid:84349439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.231.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486338/; classtype:trojan-activity;sid:84349438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.130.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486337/; classtype:trojan-activity;sid:84349437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486336/; classtype:trojan-activity;sid:84349436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.81.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486335/; classtype:trojan-activity;sid:84349435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.75.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486334/; classtype:trojan-activity;sid:84349434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486333/; classtype:trojan-activity;sid:84349433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.70.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486332/; classtype:trojan-activity;sid:84349432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.43.45.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486331/; classtype:trojan-activity;sid:84349431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.208.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486330/; classtype:trojan-activity;sid:84349430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486329/; classtype:trojan-activity;sid:84349429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.81.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486328/; classtype:trojan-activity;sid:84349428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486327/; classtype:trojan-activity;sid:84349427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.75.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486326/; classtype:trojan-activity;sid:84349426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.203.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486324/; classtype:trojan-activity;sid:84349424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.70.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486325/; classtype:trojan-activity;sid:84349425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486323)"; flow:established,from_client; content:"GET"; http_method; content:"/iz4ps4liac.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486323/; classtype:trojan-activity;sid:84349423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.34.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486322/; classtype:trojan-activity;sid:84349422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.80.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486320/; classtype:trojan-activity;sid:84349420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.43.45.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486321/; classtype:trojan-activity;sid:84349421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.62.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486319/; classtype:trojan-activity;sid:84349419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.186.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486318/; classtype:trojan-activity;sid:84349418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.62.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486317/; classtype:trojan-activity;sid:84349417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.188.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486316/; classtype:trojan-activity;sid:84349416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.17.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486315/; classtype:trojan-activity;sid:84349415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.32.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486314/; classtype:trojan-activity;sid:84349414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486309)"; flow:established,from_client; content:"GET"; http_method; content:"/file/kenttt.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486309/; classtype:trojan-activity;sid:84349409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486310)"; flow:established,from_client; content:"GET"; http_method; content:"/file/new.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486310/; classtype:trojan-activity;sid:84349410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486311)"; flow:established,from_client; content:"GET"; http_method; content:"/file/mulk.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486311/; classtype:trojan-activity;sid:84349411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486312)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yg.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486312/; classtype:trojan-activity;sid:84349412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486313)"; flow:established,from_client; content:"GET"; http_method; content:"/file/guybin.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486313/; classtype:trojan-activity;sid:84349413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486308)"; flow:established,from_client; content:"GET"; http_method; content:"/file/devil.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486308/; classtype:trojan-activity;sid:84349408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486307)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xenn.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486307/; classtype:trojan-activity;sid:84349407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.203.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486306/; classtype:trojan-activity;sid:84349406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486305/; classtype:trojan-activity;sid:84349405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.106.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486304/; classtype:trojan-activity;sid:84349404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.170.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486303/; classtype:trojan-activity;sid:84349403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.128.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486302/; classtype:trojan-activity;sid:84349402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486301/; classtype:trojan-activity;sid:84349401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.103.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486300/; classtype:trojan-activity;sid:84349400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.94.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486299/; classtype:trojan-activity;sid:84349399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.27.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486298/; classtype:trojan-activity;sid:84349398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.56.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486297/; classtype:trojan-activity;sid:84349397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.170.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486296/; classtype:trojan-activity;sid:84349396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486294)"; flow:established,from_client; content:"GET"; http_method; content:"/3pxblqlrcc.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486294/; classtype:trojan-activity;sid:84349394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486293/; classtype:trojan-activity;sid:84349393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.32.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486292/; classtype:trojan-activity;sid:84349392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486291/; classtype:trojan-activity;sid:84349391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486290/; classtype:trojan-activity;sid:84349390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.106.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486289/; classtype:trojan-activity;sid:84349389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486288/; classtype:trojan-activity;sid:84349388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486287/; classtype:trojan-activity;sid:84349387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.16.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486286/; classtype:trojan-activity;sid:84349386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486284/; classtype:trojan-activity;sid:84349384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.34.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486285/; classtype:trojan-activity;sid:84349385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.103.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486283/; classtype:trojan-activity;sid:84349383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.119.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486281/; classtype:trojan-activity;sid:84349381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486282/; classtype:trojan-activity;sid:84349382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486280/; classtype:trojan-activity;sid:84349380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.32.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486279/; classtype:trojan-activity;sid:84349379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.212.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486278/; classtype:trojan-activity;sid:84349378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486277/; classtype:trojan-activity;sid:84349377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486276/; classtype:trojan-activity;sid:84349376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486275/; classtype:trojan-activity;sid:84349375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486274/; classtype:trojan-activity;sid:84349374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486273)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.147.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486273/; classtype:trojan-activity;sid:84349373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486271/; classtype:trojan-activity;sid:84349371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486272/; classtype:trojan-activity;sid:84349372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486270/; classtype:trojan-activity;sid:84349370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.212.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486269/; classtype:trojan-activity;sid:84349369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486265)"; flow:established,from_client; content:"GET"; http_method; content:"/repos/billdev1/abbt/contents/content/icon.ico"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"api.github.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486265/; classtype:trojan-activity;sid:84349365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486266)"; flow:established,from_client; content:"GET"; http_method; content:"/repos/billdev1/abbt/contents/content/config.json"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"api.github.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486266/; classtype:trojan-activity;sid:84349366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486267)"; flow:established,from_client; content:"GET"; http_method; content:"/repos/billdev1/abbt/contents/content/db.html"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"api.github.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486267/; classtype:trojan-activity;sid:84349367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486268)"; flow:established,from_client; content:"GET"; http_method; content:"/repos/billdev1/abbt/contents/content/wpp.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"api.github.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486268/; classtype:trojan-activity;sid:84349368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.80.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486262/; classtype:trojan-activity;sid:84349362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.168.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486263/; classtype:trojan-activity;sid:84349363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.125.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486264/; classtype:trojan-activity;sid:84349364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.152.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486258/; classtype:trojan-activity;sid:84349358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486259/; classtype:trojan-activity;sid:84349359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486260/; classtype:trojan-activity;sid:84349360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.181.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486261/; classtype:trojan-activity;sid:84349361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.9.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486255/; classtype:trojan-activity;sid:84349355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.18.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486256/; classtype:trojan-activity;sid:84349356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.121.94.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486257/; classtype:trojan-activity;sid:84349357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486253/; classtype:trojan-activity;sid:84349353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.138.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486254/; classtype:trojan-activity;sid:84349354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.145.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486252/; classtype:trojan-activity;sid:84349352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486250/; classtype:trojan-activity;sid:84349350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.59.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486251/; classtype:trojan-activity;sid:84349351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486249)"; flow:established,from_client; content:"GET"; http_method; content:"/fnclocgo1s.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486249/; classtype:trojan-activity;sid:84349349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486248/; classtype:trojan-activity;sid:84349348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486247/; classtype:trojan-activity;sid:84349347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.196.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486246/; classtype:trojan-activity;sid:84349346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.0.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486245/; classtype:trojan-activity;sid:84349345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.249.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486244/; classtype:trojan-activity;sid:84349344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.233.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486243/; classtype:trojan-activity;sid:84349343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.161.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486242/; classtype:trojan-activity;sid:84349342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486241/; classtype:trojan-activity;sid:84349341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.214.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486240/; classtype:trojan-activity;sid:84349340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.12.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486239/; classtype:trojan-activity;sid:84349339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486238/; classtype:trojan-activity;sid:84349338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.59.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486237/; classtype:trojan-activity;sid:84349337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.146.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486236/; classtype:trojan-activity;sid:84349336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486235/; classtype:trojan-activity;sid:84349335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.9.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486234/; classtype:trojan-activity;sid:84349334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.249.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486233/; classtype:trojan-activity;sid:84349333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.233.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486232/; classtype:trojan-activity;sid:84349332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486231)"; flow:established,from_client; content:"GET"; http_method; content:"/rabbitmqjar/gw.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"208.87.207.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486231/; classtype:trojan-activity;sid:84349331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.214.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486230/; classtype:trojan-activity;sid:84349330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486229/; classtype:trojan-activity;sid:84349329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.212.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486228/; classtype:trojan-activity;sid:84349328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.31.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486227/; classtype:trojan-activity;sid:84349327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.88.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486226/; classtype:trojan-activity;sid:84349326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.93.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486225/; classtype:trojan-activity;sid:84349325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.134.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486224/; classtype:trojan-activity;sid:84349324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.78.253.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486223/; classtype:trojan-activity;sid:84349323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486222/; classtype:trojan-activity;sid:84349322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486221)"; flow:established,from_client; content:"GET"; http_method; content:"/smppqcrzun.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486221/; classtype:trojan-activity;sid:84349321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486220/; classtype:trojan-activity;sid:84349320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486219/; classtype:trojan-activity;sid:84349319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.88.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486218/; classtype:trojan-activity;sid:84349318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.102.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486217/; classtype:trojan-activity;sid:84349317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.54.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486216/; classtype:trojan-activity;sid:84349316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.31.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486215/; classtype:trojan-activity;sid:84349315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.90.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486214/; classtype:trojan-activity;sid:84349314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486212)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486212/; classtype:trojan-activity;sid:84349312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486213)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486213/; classtype:trojan-activity;sid:84349313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486211/; classtype:trojan-activity;sid:84349311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486208)"; flow:established,from_client; content:"GET"; http_method; content:"/pws.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486208/; classtype:trojan-activity;sid:84349308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486209)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486209/; classtype:trojan-activity;sid:84349309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486210)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppp.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486210/; classtype:trojan-activity;sid:84349310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486206)"; flow:established,from_client; content:"GET"; http_method; content:"/pws1.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486206/; classtype:trojan-activity;sid:84349306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486207)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486207/; classtype:trojan-activity;sid:84349307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486205)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/a6650jgx58qc6k5m50247/celusionsetup.exe|3f|rlkey=4a5u7ah73w6xc0l4tdcrn0uxz|7c|26|7c|st=uk88wook|7c|26|7c|dl=1"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486205/; classtype:trojan-activity;sid:84349305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.249.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486204/; classtype:trojan-activity;sid:84349304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.93.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486203/; classtype:trojan-activity;sid:84349303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.18.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486202/; classtype:trojan-activity;sid:84349302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486201/; classtype:trojan-activity;sid:84349301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.118.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486200/; classtype:trojan-activity;sid:84349300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486199)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ysozim.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486199/; classtype:trojan-activity;sid:84349299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.166.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486198/; classtype:trojan-activity;sid:84349298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486197/; classtype:trojan-activity;sid:84349297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.31.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486196/; classtype:trojan-activity;sid:84349296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.90.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486195/; classtype:trojan-activity;sid:84349295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.57.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486194/; classtype:trojan-activity;sid:84349294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486193)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ozotuk.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486193/; classtype:trojan-activity;sid:84349293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486192)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"texasdispatchers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486192/; classtype:trojan-activity;sid:84349292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486190)"; flow:established,from_client; content:"GET"; http_method; content:"/340.mp4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"texasdispatchers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486190/; classtype:trojan-activity;sid:84349290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486191)"; flow:established,from_client; content:"GET"; http_method; content:"/logs.pdf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"texasdispatchers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486191/; classtype:trojan-activity;sid:84349291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486189)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486189/; classtype:trojan-activity;sid:84349289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486188)"; flow:established,from_client; content:"GET"; http_method; content:"/9jhgm4gao6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486188/; classtype:trojan-activity;sid:84349288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486187)"; flow:established,from_client; content:"GET"; http_method; content:"/fm_3313_46.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"confectionary.b-cdn.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486187/; classtype:trojan-activity;sid:84349287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486186)"; flow:established,from_client; content:"GET"; http_method; content:"/fm_3315_55.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"confectionary.b-cdn.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486186/; classtype:trojan-activity;sid:84349286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486185)"; flow:established,from_client; content:"GET"; http_method; content:"/bozario111/page1/raw/refs/heads/main/setup.msi"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486185/; classtype:trojan-activity;sid:84349285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486182)"; flow:established,from_client; content:"GET"; http_method; content:"/hello12345678954875/fortnitespoofer/releases/download/overnumerous/fortnite-spoofer-overnumerous.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486182/; classtype:trojan-activity;sid:84349282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486183)"; flow:established,from_client; content:"GET"; http_method; content:"/lawrencesanity1108/gta-5-mod-menu-2024/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486183/; classtype:trojan-activity;sid:84349283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486181)"; flow:established,from_client; content:"GET"; http_method; content:"/bialadavid/fivem-onx-handling-editor/releases/download/v2.1.6/fivem-onx-handling-editor-v2.1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486181/; classtype:trojan-activity;sid:84349281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486178)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-c7b31ab9decd4a2684fcd9fc90862261.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486178/; classtype:trojan-activity;sid:84349278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486179)"; flow:established,from_client; content:"GET"; http_method; content:"/minedreamback/mod-gta5/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486179/; classtype:trojan-activity;sid:84349279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486180)"; flow:established,from_client; content:"GET"; http_method; content:"/r2spamonyoutube/fivem-onx-handling-editor/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486180/; classtype:trojan-activity;sid:84349280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486174)"; flow:established,from_client; content:"GET"; http_method; content:"/wearetuanmuda/gta-5-mod-menu-2025/releases/download/v1.4.2/gta.5.mod.menu.2025.v1.4.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486174/; classtype:trojan-activity;sid:84349274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486175)"; flow:established,from_client; content:"GET"; http_method; content:"/potatowearsyeeezye/gta-5-mod-menu-2025/releases/download/3.7.2/gta-5-mod-menu-2025-v3.7.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486175/; classtype:trojan-activity;sid:84349275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486176)"; flow:established,from_client; content:"GET"; http_method; content:"/hackermanisdumb/mod-gta5/releases/download/v1.0/app.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486176/; classtype:trojan-activity;sid:84349276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486177)"; flow:established,from_client; content:"GET"; http_method; content:"/theadvocate0089/freeroam/releases/download/phillipsine/freeroam-phillipsine.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486177/; classtype:trojan-activity;sid:84349277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486173)"; flow:established,from_client; content:"GET"; http_method; content:"/amongusasdadsd21/fivem-onx-handling-editor/releases/download/v2.9.6/fivem-onx-handling-editor-v2.9.6.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486173/; classtype:trojan-activity;sid:84349273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486172)"; flow:established,from_client; content:"GET"; http_method; content:"/subir-090/m0dmenu-gta5-free/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486172/; classtype:trojan-activity;sid:84349272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486171)"; flow:established,from_client; content:"GET"; http_method; content:"/packet-star/sturdy-couscous/releases/download/new/script.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486171/; classtype:trojan-activity;sid:84349271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.212.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486170/; classtype:trojan-activity;sid:84349270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.166.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486169/; classtype:trojan-activity;sid:84349269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.121.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486168/; classtype:trojan-activity;sid:84349268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.119.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486167/; classtype:trojan-activity;sid:84349267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.35.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486166/; classtype:trojan-activity;sid:84349266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.196.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486165/; classtype:trojan-activity;sid:84349265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.31.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486164/; classtype:trojan-activity;sid:84349264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486163/; classtype:trojan-activity;sid:84349263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.145.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486162/; classtype:trojan-activity;sid:84349262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.159.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486161/; classtype:trojan-activity;sid:84349261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.234.18.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486160/; classtype:trojan-activity;sid:84349260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486159/; classtype:trojan-activity;sid:84349259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.177.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486158/; classtype:trojan-activity;sid:84349258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.145.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486157/; classtype:trojan-activity;sid:84349257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.83.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486156/; classtype:trojan-activity;sid:84349256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.195.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486155/; classtype:trojan-activity;sid:84349255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486154/; classtype:trojan-activity;sid:84349254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.78.253.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486153/; classtype:trojan-activity;sid:84349253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.28.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486152/; classtype:trojan-activity;sid:84349252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.119.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486151/; classtype:trojan-activity;sid:84349251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.234.18.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486150/; classtype:trojan-activity;sid:84349250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486149/; classtype:trojan-activity;sid:84349249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.83.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486148/; classtype:trojan-activity;sid:84349248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.29.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486147/; classtype:trojan-activity;sid:84349247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486146/; classtype:trojan-activity;sid:84349246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486145/; classtype:trojan-activity;sid:84349245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.195.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486144/; classtype:trojan-activity;sid:84349244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486143/; classtype:trojan-activity;sid:84349243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486142)"; flow:established,from_client; content:"GET"; http_method; content:"/c8c0yzr2ng.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486142/; classtype:trojan-activity;sid:84349242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.35.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486141/; classtype:trojan-activity;sid:84349241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.89.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486140/; classtype:trojan-activity;sid:84349240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.60.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486139/; classtype:trojan-activity;sid:84349239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.238.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486138/; classtype:trojan-activity;sid:84349238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486137/; classtype:trojan-activity;sid:84349237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.28.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486136/; classtype:trojan-activity;sid:84349236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486135/; classtype:trojan-activity;sid:84349235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.169.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486134/; classtype:trojan-activity;sid:84349234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486133/; classtype:trojan-activity;sid:84349233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.148.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486132/; classtype:trojan-activity;sid:84349232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486131/; classtype:trojan-activity;sid:84349231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486130/; classtype:trojan-activity;sid:84349230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.190.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486129/; classtype:trojan-activity;sid:84349229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.35.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486128/; classtype:trojan-activity;sid:84349228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486127/; classtype:trojan-activity;sid:84349227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.222.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486126/; classtype:trojan-activity;sid:84349226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486125/; classtype:trojan-activity;sid:84349225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.150.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486124/; classtype:trojan-activity;sid:84349224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.89.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486123/; classtype:trojan-activity;sid:84349223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.82.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486122/; classtype:trojan-activity;sid:84349222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.148.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486121/; classtype:trojan-activity;sid:84349221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486120/; classtype:trojan-activity;sid:84349220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.52.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486119/; classtype:trojan-activity;sid:84349219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.248.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486118/; classtype:trojan-activity;sid:84349218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486117/; classtype:trojan-activity;sid:84349217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.190.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486116/; classtype:trojan-activity;sid:84349216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486115/; classtype:trojan-activity;sid:84349215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.6.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486114/; classtype:trojan-activity;sid:84349214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486113/; classtype:trojan-activity;sid:84349213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486112/; classtype:trojan-activity;sid:84349212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486111/; classtype:trojan-activity;sid:84349211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486110/; classtype:trojan-activity;sid:84349210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.38.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486109/; classtype:trojan-activity;sid:84349209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.61.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486108/; classtype:trojan-activity;sid:84349208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.96.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486107/; classtype:trojan-activity;sid:84349207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486106/; classtype:trojan-activity;sid:84349206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.198.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486105/; classtype:trojan-activity;sid:84349205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486104)"; flow:established,from_client; content:"GET"; http_method; content:"/8twojl66ch.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486104/; classtype:trojan-activity;sid:84349204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.108.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486103/; classtype:trojan-activity;sid:84349203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.94.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486102/; classtype:trojan-activity;sid:84349202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486101/; classtype:trojan-activity;sid:84349201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.112.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486100/; classtype:trojan-activity;sid:84349200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486099/; classtype:trojan-activity;sid:84349199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.187.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486098/; classtype:trojan-activity;sid:84349198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486097/; classtype:trojan-activity;sid:84349197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.179.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486095/; classtype:trojan-activity;sid:84349195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.108.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486096/; classtype:trojan-activity;sid:84349196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486094/; classtype:trojan-activity;sid:84349194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486093/; classtype:trojan-activity;sid:84349193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.233.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486092/; classtype:trojan-activity;sid:84349192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.247.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486091/; classtype:trojan-activity;sid:84349191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.84.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486090/; classtype:trojan-activity;sid:84349190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.64.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486089/; classtype:trojan-activity;sid:84349189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.235.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486088/; classtype:trojan-activity;sid:84349188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.250.17.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486087/; classtype:trojan-activity;sid:84349187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.109.199.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486086/; classtype:trojan-activity;sid:84349186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.240.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486085/; classtype:trojan-activity;sid:84349185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486084/; classtype:trojan-activity;sid:84349184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.249.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486083/; classtype:trojan-activity;sid:84349183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486082/; classtype:trojan-activity;sid:84349182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.37.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486081/; classtype:trojan-activity;sid:84349181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.63.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486080/; classtype:trojan-activity;sid:84349180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.2.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486079/; classtype:trojan-activity;sid:84349179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486078/; classtype:trojan-activity;sid:84349178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.208.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486077/; classtype:trojan-activity;sid:84349177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.102.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486076/; classtype:trojan-activity;sid:84349176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486075/; classtype:trojan-activity;sid:84349175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.235.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486074/; classtype:trojan-activity;sid:84349174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.63.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486073/; classtype:trojan-activity;sid:84349173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486072/; classtype:trojan-activity;sid:84349172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486071)"; flow:established,from_client; content:"GET"; http_method; content:"/dm3oriol9j.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486071/; classtype:trojan-activity;sid:84349171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.251.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486070/; classtype:trojan-activity;sid:84349170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486069/; classtype:trojan-activity;sid:84349169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.63.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486068/; classtype:trojan-activity;sid:84349168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.60.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486067/; classtype:trojan-activity;sid:84349167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.2.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486066/; classtype:trojan-activity;sid:84349166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.206.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486065/; classtype:trojan-activity;sid:84349165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486064/; classtype:trojan-activity;sid:84349164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.109.199.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486063/; classtype:trojan-activity;sid:84349163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.240.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486062/; classtype:trojan-activity;sid:84349162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.102.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486061/; classtype:trojan-activity;sid:84349161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486060/; classtype:trojan-activity;sid:84349160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486058/; classtype:trojan-activity;sid:84349158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486059/; classtype:trojan-activity;sid:84349159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486057/; classtype:trojan-activity;sid:84349157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.60.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486056/; classtype:trojan-activity;sid:84349156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.2.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486054/; classtype:trojan-activity;sid:84349154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.25.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486055/; classtype:trojan-activity;sid:84349155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486053/; classtype:trojan-activity;sid:84349153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.206.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486052/; classtype:trojan-activity;sid:84349152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.98.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486051/; classtype:trojan-activity;sid:84349151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486050/; classtype:trojan-activity;sid:84349150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.235.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486049/; classtype:trojan-activity;sid:84349149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.36.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486048/; classtype:trojan-activity;sid:84349148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486047/; classtype:trojan-activity;sid:84349147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.52.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486046/; classtype:trojan-activity;sid:84349146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.197.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486045/; classtype:trojan-activity;sid:84349145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.253.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486044/; classtype:trojan-activity;sid:84349144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.206.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486043/; classtype:trojan-activity;sid:84349143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.2.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486042/; classtype:trojan-activity;sid:84349142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486041/; classtype:trojan-activity;sid:84349141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486040/; classtype:trojan-activity;sid:84349140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486039/; classtype:trojan-activity;sid:84349139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.129.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486038/; classtype:trojan-activity;sid:84349138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.212.163.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486037/; classtype:trojan-activity;sid:84349137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486036/; classtype:trojan-activity;sid:84349136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.180.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486035/; classtype:trojan-activity;sid:84349135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.170.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486031/; classtype:trojan-activity;sid:84349131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.148.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486032/; classtype:trojan-activity;sid:84349132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.170.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486033/; classtype:trojan-activity;sid:84349133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486034/; classtype:trojan-activity;sid:84349134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486030/; classtype:trojan-activity;sid:84349130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486029/; classtype:trojan-activity;sid:84349129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486027/; classtype:trojan-activity;sid:84349127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486028/; classtype:trojan-activity;sid:84349128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.103.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486026/; classtype:trojan-activity;sid:84349126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.9.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486025/; classtype:trojan-activity;sid:84349125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486024/; classtype:trojan-activity;sid:84349124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486023)"; flow:established,from_client; content:"GET"; http_method; content:"/2zdz888kme.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486023/; classtype:trojan-activity;sid:84349123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.59.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486022/; classtype:trojan-activity;sid:84349122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.38.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486021/; classtype:trojan-activity;sid:84349121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.224.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486020/; classtype:trojan-activity;sid:84349120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.91.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486019/; classtype:trojan-activity;sid:84349119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.129.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486018/; classtype:trojan-activity;sid:84349118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486017/; classtype:trojan-activity;sid:84349117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.117.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486016/; classtype:trojan-activity;sid:84349116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486015/; classtype:trojan-activity;sid:84349115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.211.226.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486014/; classtype:trojan-activity;sid:84349114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.86.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486013/; classtype:trojan-activity;sid:84349113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.120.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486012/; classtype:trojan-activity;sid:84349112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.123.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486011/; classtype:trojan-activity;sid:84349111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486010/; classtype:trojan-activity;sid:84349110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486009/; classtype:trojan-activity;sid:84349109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.200.124.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486008/; classtype:trojan-activity;sid:84349108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486007/; classtype:trojan-activity;sid:84349107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.187.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486006/; classtype:trojan-activity;sid:84349106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486005)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zoommeetspace.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486005/; classtype:trojan-activity;sid:84349105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.135.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486004/; classtype:trojan-activity;sid:84349104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.86.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486003/; classtype:trojan-activity;sid:84349103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.59.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486002/; classtype:trojan-activity;sid:84349102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.89.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486001/; classtype:trojan-activity;sid:84349101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486000/; classtype:trojan-activity;sid:84349100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.8.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485999/; classtype:trojan-activity;sid:84349099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485998)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485998/; classtype:trojan-activity;sid:84349098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485997)"; flow:established,from_client; content:"GET"; http_method; content:"/45343534.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485997/; classtype:trojan-activity;sid:84349097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.204.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485996/; classtype:trojan-activity;sid:84349096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485993)"; flow:established,from_client; content:"GET"; http_method; content:"/gang.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485993/; classtype:trojan-activity;sid:84349093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485994)"; flow:established,from_client; content:"GET"; http_method; content:"/si.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485994/; classtype:trojan-activity;sid:84349094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485995)"; flow:established,from_client; content:"GET"; http_method; content:"/88.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485995/; classtype:trojan-activity;sid:84349095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485990)"; flow:established,from_client; content:"GET"; http_method; content:"/88"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485990/; classtype:trojan-activity;sid:84349090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485991)"; flow:established,from_client; content:"GET"; http_method; content:"/jgang.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485991/; classtype:trojan-activity;sid:84349091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485992)"; flow:established,from_client; content:"GET"; http_method; content:"/gang2.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.138.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485992/; classtype:trojan-activity;sid:84349092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485989/; classtype:trojan-activity;sid:84349089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485988)"; flow:established,from_client; content:"GET"; http_method; content:"/kbt9pbq2qr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.dormitoryzoom.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485988/; classtype:trojan-activity;sid:84349088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.200.124.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485987/; classtype:trojan-activity;sid:84349087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.224.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485986/; classtype:trojan-activity;sid:84349086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.123.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485985/; classtype:trojan-activity;sid:84349085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.134.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485984/; classtype:trojan-activity;sid:84349084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.22.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485983/; classtype:trojan-activity;sid:84349083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.187.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485982/; classtype:trojan-activity;sid:84349082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485981/; classtype:trojan-activity;sid:84349081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.41.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485980/; classtype:trojan-activity;sid:84349080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.89.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485979/; classtype:trojan-activity;sid:84349079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485977)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.183.17.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485977/; classtype:trojan-activity;sid:84349077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485978)"; flow:established,from_client; content:"GET"; http_method; content:"/2.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.183.17.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485978/; classtype:trojan-activity;sid:84349078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485976)"; flow:established,from_client; content:"GET"; http_method; content:"/2.zip"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.219.103.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485976/; classtype:trojan-activity;sid:84349076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485975)"; flow:established,from_client; content:"GET"; http_method; content:"/1.url"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.219.103.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485975/; classtype:trojan-activity;sid:84349075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485973)"; flow:established,from_client; content:"GET"; http_method; content:"/test.msi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.219.103.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485973/; classtype:trojan-activity;sid:84349073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485974)"; flow:established,from_client; content:"GET"; http_method; content:"/test%20%282%29.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.219.103.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485974/; classtype:trojan-activity;sid:84349074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.15.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485972/; classtype:trojan-activity;sid:84349072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485971/; classtype:trojan-activity;sid:84349071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485970)"; flow:established,from_client; content:"GET"; http_method; content:"/march--pdf11.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"194.163.151.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485970/; classtype:trojan-activity;sid:84349070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485967)"; flow:established,from_client; content:"GET"; http_method; content:"/inv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.163.151.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485967/; classtype:trojan-activity;sid:84349067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485968)"; flow:established,from_client; content:"GET"; http_method; content:"/inv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.163.151.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485968/; classtype:trojan-activity;sid:84349068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485969)"; flow:established,from_client; content:"GET"; http_method; content:"/inv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.163.151.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485969/; classtype:trojan-activity;sid:84349069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485966/; classtype:trojan-activity;sid:84349066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485965)"; flow:established,from_client; content:"GET"; http_method; content:"/jackedmicheal/ccenty/raw/refs/heads/main/crspoof.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485965/; classtype:trojan-activity;sid:84349065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485964/; classtype:trojan-activity;sid:84349064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485962)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener2.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"204.12.236.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485962/; classtype:trojan-activity;sid:84349062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485963)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"204.12.236.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485963/; classtype:trojan-activity;sid:84349063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485961)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener3.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"204.12.236.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485961/; classtype:trojan-activity;sid:84349061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485960)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"204.12.236.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485960/; classtype:trojan-activity;sid:84349060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.186.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485959/; classtype:trojan-activity;sid:84349059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.21.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485958/; classtype:trojan-activity;sid:84349058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485957)"; flow:established,from_client; content:"GET"; http_method; content:"/winlogon.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"191.93.113.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485957/; classtype:trojan-activity;sid:84349057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.162.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485956/; classtype:trojan-activity;sid:84349056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.223.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485955/; classtype:trojan-activity;sid:84349055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485953)"; flow:established,from_client; content:"GET"; http_method; content:"/astringents.wsf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485953/; classtype:trojan-activity;sid:84349053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485954)"; flow:established,from_client; content:"GET"; http_method; content:"/cochleate.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.57.166.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485954/; classtype:trojan-activity;sid:84349054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.41.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485952/; classtype:trojan-activity;sid:84349052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.217.117.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485951/; classtype:trojan-activity;sid:84349051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.252.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485950/; classtype:trojan-activity;sid:84349050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.21.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485949/; classtype:trojan-activity;sid:84349049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485948/; classtype:trojan-activity;sid:84349048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485947/; classtype:trojan-activity;sid:84349047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.60.49.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485946/; classtype:trojan-activity;sid:84349046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.240.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485945/; classtype:trojan-activity;sid:84349045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.116.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485944/; classtype:trojan-activity;sid:84349044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.186.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485943/; classtype:trojan-activity;sid:84349043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.34.75.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485942/; classtype:trojan-activity;sid:84349042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.169.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485941/; classtype:trojan-activity;sid:84349041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.162.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485939/; classtype:trojan-activity;sid:84349039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485940)"; flow:established,from_client; content:"GET"; http_method; content:"/7mlr9nhp62.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485940/; classtype:trojan-activity;sid:84349040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.60.49.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485938/; classtype:trojan-activity;sid:84349038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.27.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485937/; classtype:trojan-activity;sid:84349037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.29.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485936/; classtype:trojan-activity;sid:84349036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.169.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485935/; classtype:trojan-activity;sid:84349035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.217.117.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485934/; classtype:trojan-activity;sid:84349034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.252.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485933/; classtype:trojan-activity;sid:84349033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.188.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485932/; classtype:trojan-activity;sid:84349032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.112.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485931/; classtype:trojan-activity;sid:84349031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.116.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485930/; classtype:trojan-activity;sid:84349030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.122.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485929/; classtype:trojan-activity;sid:84349029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.125.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485927/; classtype:trojan-activity;sid:84349027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485928/; classtype:trojan-activity;sid:84349028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.156.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485926/; classtype:trojan-activity;sid:84349026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.10.180.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485925/; classtype:trojan-activity;sid:84349025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.59.91.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485924/; classtype:trojan-activity;sid:84349024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.251.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485923/; classtype:trojan-activity;sid:84349023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.169.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485922/; classtype:trojan-activity;sid:84349022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.117.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485921/; classtype:trojan-activity;sid:84349021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.160.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485920/; classtype:trojan-activity;sid:84349020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.79.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485919/; classtype:trojan-activity;sid:84349019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.21.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485918/; classtype:trojan-activity;sid:84349018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.125.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485917/; classtype:trojan-activity;sid:84349017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.125.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485916/; classtype:trojan-activity;sid:84349016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485914/; classtype:trojan-activity;sid:84349014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.251.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485915/; classtype:trojan-activity;sid:84349015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.59.91.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485913/; classtype:trojan-activity;sid:84349013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.75.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485912/; classtype:trojan-activity;sid:84349012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.247.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485908/; classtype:trojan-activity;sid:84349008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485909/; classtype:trojan-activity;sid:84349009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.154.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485910/; classtype:trojan-activity;sid:84349010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.243.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485911/; classtype:trojan-activity;sid:84349011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.242.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485907/; classtype:trojan-activity;sid:84349007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485906/; classtype:trojan-activity;sid:84349006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.28.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485904/; classtype:trojan-activity;sid:84349004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.129.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485905/; classtype:trojan-activity;sid:84349005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.125.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485903/; classtype:trojan-activity;sid:84349003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485902/; classtype:trojan-activity;sid:84349002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485901)"; flow:established,from_client; content:"GET"; http_method; content:"/0j0bjodybf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3485901/; classtype:trojan-activity;sid:84349001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.125.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485900/; classtype:trojan-activity;sid:84349000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.247.142.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485899/; classtype:trojan-activity;sid:84348999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485898/; classtype:trojan-activity;sid:84348998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.21.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485897/; classtype:trojan-activity;sid:84348997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485896/; classtype:trojan-activity;sid:84348996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.7.99"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485895/; classtype:trojan-activity;sid:84348995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485894/; classtype:trojan-activity;sid:84348994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.224.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485893/; classtype:trojan-activity;sid:84348993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.243.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485892/; classtype:trojan-activity;sid:84348992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.247.142.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485891/; classtype:trojan-activity;sid:84348991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.30.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485890/; classtype:trojan-activity;sid:84348990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.21.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485889/; classtype:trojan-activity;sid:84348989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.7.99"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485888/; classtype:trojan-activity;sid:84348988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.212.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485887/; classtype:trojan-activity;sid:84348987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.34.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485886/; classtype:trojan-activity;sid:84348986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485885/; classtype:trojan-activity;sid:84348985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.224.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485884/; classtype:trojan-activity;sid:84348984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485882/; classtype:trojan-activity;sid:84348982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485883/; classtype:trojan-activity;sid:84348983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.137.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485881/; classtype:trojan-activity;sid:84348981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485880)"; flow:established,from_client; content:"GET"; http_method; content:"/mi2yz2a6gx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485880/; classtype:trojan-activity;sid:84348980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.20.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485879/; classtype:trojan-activity;sid:84348979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485878/; classtype:trojan-activity;sid:84348978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.5.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485877/; classtype:trojan-activity;sid:84348977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485876/; classtype:trojan-activity;sid:84348976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.238.95.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485875/; classtype:trojan-activity;sid:84348975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485874/; classtype:trojan-activity;sid:84348974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485873/; classtype:trojan-activity;sid:84348973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485872)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.245.2.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485872/; classtype:trojan-activity;sid:84348972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485871/; classtype:trojan-activity;sid:84348971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485870/; classtype:trojan-activity;sid:84348970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.41.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485869/; classtype:trojan-activity;sid:84348969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485868/; classtype:trojan-activity;sid:84348968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.21.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485867/; classtype:trojan-activity;sid:84348967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.252.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485866/; classtype:trojan-activity;sid:84348966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.231.156.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485865/; classtype:trojan-activity;sid:84348965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485864/; classtype:trojan-activity;sid:84348964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.18.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485863/; classtype:trojan-activity;sid:84348963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.248.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485861/; classtype:trojan-activity;sid:84348961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.238.95.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485862/; classtype:trojan-activity;sid:84348962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.27.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485860/; classtype:trojan-activity;sid:84348960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.64.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485858/; classtype:trojan-activity;sid:84348958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.41.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485859/; classtype:trojan-activity;sid:84348959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485857/; classtype:trojan-activity;sid:84348957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485856/; classtype:trojan-activity;sid:84348956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.27.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485855/; classtype:trojan-activity;sid:84348955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.21.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485854/; classtype:trojan-activity;sid:84348954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.200.93.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485853/; classtype:trojan-activity;sid:84348953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485852)"; flow:established,from_client; content:"GET"; http_method; content:"/kth3ais7sb.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485852/; classtype:trojan-activity;sid:84348952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.73.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485851/; classtype:trojan-activity;sid:84348951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.18.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485850/; classtype:trojan-activity;sid:84348950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485848/; classtype:trojan-activity;sid:84348948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.201.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485849/; classtype:trojan-activity;sid:84348949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.203.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485847/; classtype:trojan-activity;sid:84348947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.103.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485846/; classtype:trojan-activity;sid:84348946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.232.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485845/; classtype:trojan-activity;sid:84348945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.200.93.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485844/; classtype:trojan-activity;sid:84348944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.232.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485843/; classtype:trojan-activity;sid:84348943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.18.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485842/; classtype:trojan-activity;sid:84348942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.152.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485841/; classtype:trojan-activity;sid:84348941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.233.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485840/; classtype:trojan-activity;sid:84348940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.203.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485839/; classtype:trojan-activity;sid:84348939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.73.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485838/; classtype:trojan-activity;sid:84348938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.70.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485837/; classtype:trojan-activity;sid:84348937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.232.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485836/; classtype:trojan-activity;sid:84348936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.134.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485835/; classtype:trojan-activity;sid:84348935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485833/; classtype:trojan-activity;sid:84348933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.233.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485834/; classtype:trojan-activity;sid:84348934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.206.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485832/; classtype:trojan-activity;sid:84348932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485831/; classtype:trojan-activity;sid:84348931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485830/; classtype:trojan-activity;sid:84348930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.154.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485829/; classtype:trojan-activity;sid:84348929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.103.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485828/; classtype:trojan-activity;sid:84348928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485827)"; flow:established,from_client; content:"GET"; http_method; content:"/monaaa00/moniass/downloads/copia_de_la_notificacion_demanda_juzgado_panal_de_control_de_garantias.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485827/; classtype:trojan-activity;sid:84348927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485826)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/blue.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485826/; classtype:trojan-activity;sid:84348926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485821)"; flow:established,from_client; content:"GET"; http_method; content:"/awesometest/crycry/downloads/tron_client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485821/; classtype:trojan-activity;sid:84348921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485822)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/mind.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485822/; classtype:trojan-activity;sid:84348922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485823)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/purple.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485823/; classtype:trojan-activity;sid:84348923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485824)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/zln61.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485824/; classtype:trojan-activity;sid:84348924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485825)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/black.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485825/; classtype:trojan-activity;sid:84348925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485817)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/yl61.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485817/; classtype:trojan-activity;sid:84348917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485818)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadreaders/adobereader/downloads/adobereader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485818/; classtype:trojan-activity;sid:84348918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485819)"; flow:established,from_client; content:"GET"; http_method; content:"/awesometest/crycry/downloads/tron_redline14.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485819/; classtype:trojan-activity;sid:84348919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485820)"; flow:established,from_client; content:"GET"; http_method; content:"/downloadreaders/adobe_reader/downloads/adobereader.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485820/; classtype:trojan-activity;sid:84348920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485816)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/clp.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485816/; classtype:trojan-activity;sid:84348916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485815)"; flow:established,from_client; content:"GET"; http_method; content:"/dasdasdasd5h656/rthrthrth/raw/90b74e469487f7a993c3909b4654750040c22c2f/red.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485815/; classtype:trojan-activity;sid:84348915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.153.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485814/; classtype:trojan-activity;sid:84348914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.141.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485813/; classtype:trojan-activity;sid:84348913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.148.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485812/; classtype:trojan-activity;sid:84348912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.54.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485810/; classtype:trojan-activity;sid:84348910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.0.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485811/; classtype:trojan-activity;sid:84348911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485809/; classtype:trojan-activity;sid:84348909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485808/; classtype:trojan-activity;sid:84348908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485807)"; flow:established,from_client; content:"GET"; http_method; content:"/serranias00/serranias/downloads/demanda_personal_juzgado_penal_de_rama_judicial.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485807/; classtype:trojan-activity;sid:84348907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.184.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485806/; classtype:trojan-activity;sid:84348906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485805)"; flow:established,from_client; content:"GET"; http_method; content:"/bbnxgw0kl6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485805/; classtype:trojan-activity;sid:84348905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.29.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485804/; classtype:trojan-activity;sid:84348904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.154.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485803/; classtype:trojan-activity;sid:84348903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.153.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485802/; classtype:trojan-activity;sid:84348902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.225.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485801/; classtype:trojan-activity;sid:84348901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.141.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485800/; classtype:trojan-activity;sid:84348900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.184.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485799/; classtype:trojan-activity;sid:84348899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485797/; classtype:trojan-activity;sid:84348897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.207.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485798/; classtype:trojan-activity;sid:84348898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485796)"; flow:established,from_client; content:"GET"; http_method; content:"/cam.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485796/; classtype:trojan-activity;sid:84348896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485795)"; flow:established,from_client; content:"GET"; http_method; content:"/bab.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485795/; classtype:trojan-activity;sid:84348895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485794/; classtype:trojan-activity;sid:84348894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485792)"; flow:established,from_client; content:"GET"; http_method; content:"/new.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485792/; classtype:trojan-activity;sid:84348892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485793)"; flow:established,from_client; content:"GET"; http_method; content:"/startupppp.bat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485793/; classtype:trojan-activity;sid:84348893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485791)"; flow:established,from_client; content:"GET"; http_method; content:"/ftsp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bay-boy-mali-carter.trycloudflare.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485791/; classtype:trojan-activity;sid:84348891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.20.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485790/; classtype:trojan-activity;sid:84348890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485789)"; flow:established,from_client; content:"GET"; http_method; content:"/ls/rvh.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"147.45.44.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485789/; classtype:trojan-activity;sid:84348889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485785)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/test.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.133.61.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485785/; classtype:trojan-activity;sid:84348885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485786)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/plplo5.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.151.62.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485786/; classtype:trojan-activity;sid:84348886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485787)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.151.62.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485787/; classtype:trojan-activity;sid:84348887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485788)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/testo2.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.151.62.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485788/; classtype:trojan-activity;sid:84348888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485781)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/invoice.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.83.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485781/; classtype:trojan-activity;sid:84348881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485782)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/truck104.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.84.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485782/; classtype:trojan-activity;sid:84348882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485783)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/claim3456709.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.84.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485783/; classtype:trojan-activity;sid:84348883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.9.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485784/; classtype:trojan-activity;sid:84348884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485779)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485779/; classtype:trojan-activity;sid:84348879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485780)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485780/; classtype:trojan-activity;sid:84348880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485776)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485776/; classtype:trojan-activity;sid:84348876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485777)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485777/; classtype:trojan-activity;sid:84348877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485778)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485778/; classtype:trojan-activity;sid:84348878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485757)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485757/; classtype:trojan-activity;sid:84348857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485758)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485758/; classtype:trojan-activity;sid:84348858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485759)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485759/; classtype:trojan-activity;sid:84348859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485760)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485760/; classtype:trojan-activity;sid:84348860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485761)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485761/; classtype:trojan-activity;sid:84348861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485762)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485762/; classtype:trojan-activity;sid:84348862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485763)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485763/; classtype:trojan-activity;sid:84348863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485764)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485764/; classtype:trojan-activity;sid:84348864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485765)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485765/; classtype:trojan-activity;sid:84348865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485766)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485766/; classtype:trojan-activity;sid:84348866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485767)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485767/; classtype:trojan-activity;sid:84348867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485768)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485768/; classtype:trojan-activity;sid:84348868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485769)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485769/; classtype:trojan-activity;sid:84348869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485770)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485770/; classtype:trojan-activity;sid:84348870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485771)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485771/; classtype:trojan-activity;sid:84348871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485772)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485772/; classtype:trojan-activity;sid:84348872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485773)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485773/; classtype:trojan-activity;sid:84348873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485774)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485774/; classtype:trojan-activity;sid:84348874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485775/; classtype:trojan-activity;sid:84348875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485736)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485736/; classtype:trojan-activity;sid:84348836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485737)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485737/; classtype:trojan-activity;sid:84348837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485738)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485738/; classtype:trojan-activity;sid:84348838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485739)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485739/; classtype:trojan-activity;sid:84348839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485740)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485740/; classtype:trojan-activity;sid:84348840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485741)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485741/; classtype:trojan-activity;sid:84348841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485742)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485742/; classtype:trojan-activity;sid:84348842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485743)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485743/; classtype:trojan-activity;sid:84348843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485744)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485744/; classtype:trojan-activity;sid:84348844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485745)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485745/; classtype:trojan-activity;sid:84348845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485746)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485746/; classtype:trojan-activity;sid:84348846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485747)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485747/; classtype:trojan-activity;sid:84348847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485748)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485748/; classtype:trojan-activity;sid:84348848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485749)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485749/; classtype:trojan-activity;sid:84348849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485750)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485750/; classtype:trojan-activity;sid:84348850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485751)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485751/; classtype:trojan-activity;sid:84348851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485752)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485752/; classtype:trojan-activity;sid:84348852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485753)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485753/; classtype:trojan-activity;sid:84348853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485754)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485754/; classtype:trojan-activity;sid:84348854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485755)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485755/; classtype:trojan-activity;sid:84348855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485756/; classtype:trojan-activity;sid:84348856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485722)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485722/; classtype:trojan-activity;sid:84348822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485723)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485723/; classtype:trojan-activity;sid:84348823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485724)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485724/; classtype:trojan-activity;sid:84348824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485725)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485725/; classtype:trojan-activity;sid:84348825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485726)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485726/; classtype:trojan-activity;sid:84348826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485727)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485727/; classtype:trojan-activity;sid:84348827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485728)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485728/; classtype:trojan-activity;sid:84348828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485729)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485729/; classtype:trojan-activity;sid:84348829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485730)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485730/; classtype:trojan-activity;sid:84348830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485731)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485731/; classtype:trojan-activity;sid:84348831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485732)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485732/; classtype:trojan-activity;sid:84348832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485733)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485733/; classtype:trojan-activity;sid:84348833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485734)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485734/; classtype:trojan-activity;sid:84348834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485735)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485735/; classtype:trojan-activity;sid:84348835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485696)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485696/; classtype:trojan-activity;sid:84348796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485697)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485697/; classtype:trojan-activity;sid:84348797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485698)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485698/; classtype:trojan-activity;sid:84348798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485699)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485699/; classtype:trojan-activity;sid:84348799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485700)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485700/; classtype:trojan-activity;sid:84348800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485701)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485701/; classtype:trojan-activity;sid:84348801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485702)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485702/; classtype:trojan-activity;sid:84348802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485703)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485703/; classtype:trojan-activity;sid:84348803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485704)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485704/; classtype:trojan-activity;sid:84348804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485705)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485705/; classtype:trojan-activity;sid:84348805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485706)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485706/; classtype:trojan-activity;sid:84348806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485707)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485707/; classtype:trojan-activity;sid:84348807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485708)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485708/; classtype:trojan-activity;sid:84348808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485709)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485709/; classtype:trojan-activity;sid:84348809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485710)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485710/; classtype:trojan-activity;sid:84348810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485711)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485711/; classtype:trojan-activity;sid:84348811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485712)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485712/; classtype:trojan-activity;sid:84348812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485713)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485713/; classtype:trojan-activity;sid:84348813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485714)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485714/; classtype:trojan-activity;sid:84348814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485715)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485715/; classtype:trojan-activity;sid:84348815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485716)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485716/; classtype:trojan-activity;sid:84348816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485717)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485717/; classtype:trojan-activity;sid:84348817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485718)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485718/; classtype:trojan-activity;sid:84348818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485719)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485719/; classtype:trojan-activity;sid:84348819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485720)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485720/; classtype:trojan-activity;sid:84348820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485721)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485721/; classtype:trojan-activity;sid:84348821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485695/; classtype:trojan-activity;sid:84348795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485694)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485694/; classtype:trojan-activity;sid:84348794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485693)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485693/; classtype:trojan-activity;sid:84348793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485690)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485690/; classtype:trojan-activity;sid:84348790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485691)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485691/; classtype:trojan-activity;sid:84348791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485692)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485692/; classtype:trojan-activity;sid:84348792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485653)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485653/; classtype:trojan-activity;sid:84348753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485654)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485654/; classtype:trojan-activity;sid:84348754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485655)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485655/; classtype:trojan-activity;sid:84348755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485656)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485656/; classtype:trojan-activity;sid:84348756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485657)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485657/; classtype:trojan-activity;sid:84348757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485658)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485658/; classtype:trojan-activity;sid:84348758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485659)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485659/; classtype:trojan-activity;sid:84348759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485660)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485660/; classtype:trojan-activity;sid:84348760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485661)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485661/; classtype:trojan-activity;sid:84348761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485662)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485662/; classtype:trojan-activity;sid:84348762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485663)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485663/; classtype:trojan-activity;sid:84348763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485664)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485664/; classtype:trojan-activity;sid:84348764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485665)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485665/; classtype:trojan-activity;sid:84348765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485666)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485666/; classtype:trojan-activity;sid:84348766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485667)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485667/; classtype:trojan-activity;sid:84348767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485668)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485668/; classtype:trojan-activity;sid:84348768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485669)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485669/; classtype:trojan-activity;sid:84348769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485670)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485670/; classtype:trojan-activity;sid:84348770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485671)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485671/; classtype:trojan-activity;sid:84348771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485672)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485672/; classtype:trojan-activity;sid:84348772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485673)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485673/; classtype:trojan-activity;sid:84348773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485674)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485674/; classtype:trojan-activity;sid:84348774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485675)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485675/; classtype:trojan-activity;sid:84348775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485676)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485676/; classtype:trojan-activity;sid:84348776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485677)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485677/; classtype:trojan-activity;sid:84348777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485678)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485678/; classtype:trojan-activity;sid:84348778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485679)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485679/; classtype:trojan-activity;sid:84348779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485680)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485680/; classtype:trojan-activity;sid:84348780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485681)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485681/; classtype:trojan-activity;sid:84348781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485682)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485682/; classtype:trojan-activity;sid:84348782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485683)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485683/; classtype:trojan-activity;sid:84348783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485684)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485684/; classtype:trojan-activity;sid:84348784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485685)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485685/; classtype:trojan-activity;sid:84348785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485686)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485686/; classtype:trojan-activity;sid:84348786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485687)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485687/; classtype:trojan-activity;sid:84348787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485688)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485688/; classtype:trojan-activity;sid:84348788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485689)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485689/; classtype:trojan-activity;sid:84348789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485650)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485650/; classtype:trojan-activity;sid:84348750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485651)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485651/; classtype:trojan-activity;sid:84348751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485652)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485652/; classtype:trojan-activity;sid:84348752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485610)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485610/; classtype:trojan-activity;sid:84348710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485611)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485611/; classtype:trojan-activity;sid:84348711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485612)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485612/; classtype:trojan-activity;sid:84348712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485613)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485613/; classtype:trojan-activity;sid:84348713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485614)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485614/; classtype:trojan-activity;sid:84348714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485615)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485615/; classtype:trojan-activity;sid:84348715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485616)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485616/; classtype:trojan-activity;sid:84348716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485617)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485617/; classtype:trojan-activity;sid:84348717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485618)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485618/; classtype:trojan-activity;sid:84348718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485619)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485619/; classtype:trojan-activity;sid:84348719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485620)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485620/; classtype:trojan-activity;sid:84348720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485621)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485621/; classtype:trojan-activity;sid:84348721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485622)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485622/; classtype:trojan-activity;sid:84348722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485623)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485623/; classtype:trojan-activity;sid:84348723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485624)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485624/; classtype:trojan-activity;sid:84348724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485625)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485625/; classtype:trojan-activity;sid:84348725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485626)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485626/; classtype:trojan-activity;sid:84348726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485627)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485627/; classtype:trojan-activity;sid:84348727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485628)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485628/; classtype:trojan-activity;sid:84348728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485629)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485629/; classtype:trojan-activity;sid:84348729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485630)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485630/; classtype:trojan-activity;sid:84348730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485631)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485631/; classtype:trojan-activity;sid:84348731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485632)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485632/; classtype:trojan-activity;sid:84348732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485633)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485633/; classtype:trojan-activity;sid:84348733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485634)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485634/; classtype:trojan-activity;sid:84348734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485635)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485635/; classtype:trojan-activity;sid:84348735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485636)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485636/; classtype:trojan-activity;sid:84348736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485637)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485637/; classtype:trojan-activity;sid:84348737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485638)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485638/; classtype:trojan-activity;sid:84348738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485639)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485639/; classtype:trojan-activity;sid:84348739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485640)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485640/; classtype:trojan-activity;sid:84348740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485641)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485641/; classtype:trojan-activity;sid:84348741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485642)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485642/; classtype:trojan-activity;sid:84348742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485643)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485643/; classtype:trojan-activity;sid:84348743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485644)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485644/; classtype:trojan-activity;sid:84348744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485645)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485645/; classtype:trojan-activity;sid:84348745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485646)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485646/; classtype:trojan-activity;sid:84348746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485647)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485647/; classtype:trojan-activity;sid:84348747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485648)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485648/; classtype:trojan-activity;sid:84348748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485649)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485649/; classtype:trojan-activity;sid:84348749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485606)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485606/; classtype:trojan-activity;sid:84348706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485607)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485607/; classtype:trojan-activity;sid:84348707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485608)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485608/; classtype:trojan-activity;sid:84348708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485609)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485609/; classtype:trojan-activity;sid:84348709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.77.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485604/; classtype:trojan-activity;sid:84348704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485603)"; flow:established,from_client; content:"GET"; http_method; content:"/code1/code"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"88.151.192.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485603/; classtype:trojan-activity;sid:84348703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485601)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/%d0%94%d0%be%d0%b3%d0%be%d0%b2%d0%be%d1%80.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"88.151.192.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485601/; classtype:trojan-activity;sid:84348701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485602)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/%d0%a0%d0%b0%d1%85%d1%83%d0%bd%d0%be%d0%ba.pdf.lnk"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"88.151.192.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485602/; classtype:trojan-activity;sid:84348702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485600)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/%d0%9f%d0%bb%d0%b0%d1%82%d0%b5%d0%b6%d0%bd%d0%b0%20i%d0%bd%d1%81%d1%82%d1%80%d1%83%d0%ba%d1%86%d0%b8%d1%8f.pdf.lnk"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"88.151.192.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485600/; classtype:trojan-activity;sid:84348700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485598)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485598/; classtype:trojan-activity;sid:84348698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485599)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485599/; classtype:trojan-activity;sid:84348699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485594)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485594/; classtype:trojan-activity;sid:84348694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485595)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485595/; classtype:trojan-activity;sid:84348695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485596)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485596/; classtype:trojan-activity;sid:84348696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485597)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485597/; classtype:trojan-activity;sid:84348697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.80.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485593/; classtype:trojan-activity;sid:84348693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485592)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.245.241.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485592/; classtype:trojan-activity;sid:84348692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.207.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485591/; classtype:trojan-activity;sid:84348691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485585)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485585/; classtype:trojan-activity;sid:84348685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485586)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485586/; classtype:trojan-activity;sid:84348686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485587)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485587/; classtype:trojan-activity;sid:84348687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485588)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485588/; classtype:trojan-activity;sid:84348688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485589)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485589/; classtype:trojan-activity;sid:84348689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485590)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485590/; classtype:trojan-activity;sid:84348690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485580)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485580/; classtype:trojan-activity;sid:84348680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485581)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485581/; classtype:trojan-activity;sid:84348681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485582)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485582/; classtype:trojan-activity;sid:84348682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485583)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485583/; classtype:trojan-activity;sid:84348683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485584)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485584/; classtype:trojan-activity;sid:84348684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485579)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485579/; classtype:trojan-activity;sid:84348679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485567)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485567/; classtype:trojan-activity;sid:84348667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485568)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485568/; classtype:trojan-activity;sid:84348668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485569)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485569/; classtype:trojan-activity;sid:84348669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485570)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485570/; classtype:trojan-activity;sid:84348670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485571)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485571/; classtype:trojan-activity;sid:84348671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485572)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485572/; classtype:trojan-activity;sid:84348672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485573)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485573/; classtype:trojan-activity;sid:84348673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485574)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485574/; classtype:trojan-activity;sid:84348674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485575)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485575/; classtype:trojan-activity;sid:84348675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485576)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485576/; classtype:trojan-activity;sid:84348676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485577)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485577/; classtype:trojan-activity;sid:84348677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485578)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485578/; classtype:trojan-activity;sid:84348678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485544)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485544/; classtype:trojan-activity;sid:84348644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485545)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485545/; classtype:trojan-activity;sid:84348645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485546)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485546/; classtype:trojan-activity;sid:84348646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485547)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485547/; classtype:trojan-activity;sid:84348647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485548)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485548/; classtype:trojan-activity;sid:84348648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485549)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485549/; classtype:trojan-activity;sid:84348649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485550)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485550/; classtype:trojan-activity;sid:84348650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485551)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485551/; classtype:trojan-activity;sid:84348651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485552)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485552/; classtype:trojan-activity;sid:84348652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485553)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485553/; classtype:trojan-activity;sid:84348653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485554)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485554/; classtype:trojan-activity;sid:84348654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485555)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485555/; classtype:trojan-activity;sid:84348655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485556)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485556/; classtype:trojan-activity;sid:84348656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485557)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485557/; classtype:trojan-activity;sid:84348657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485558)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485558/; classtype:trojan-activity;sid:84348658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485559)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485559/; classtype:trojan-activity;sid:84348659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485560)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"continueoraweb.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485560/; classtype:trojan-activity;sid:84348660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485561)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485561/; classtype:trojan-activity;sid:84348661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485562)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485562/; classtype:trojan-activity;sid:84348662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485563)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485563/; classtype:trojan-activity;sid:84348663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485564)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485564/; classtype:trojan-activity;sid:84348664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485565)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485565/; classtype:trojan-activity;sid:84348665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485566)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"adesso-online.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485566/; classtype:trojan-activity;sid:84348666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485539)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485539/; classtype:trojan-activity;sid:84348639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485540)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ora-0-web.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485540/; classtype:trojan-activity;sid:84348640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485541)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485541/; classtype:trojan-activity;sid:84348641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485542)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485542/; classtype:trojan-activity;sid:84348642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485543)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"multi-canale.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485543/; classtype:trojan-activity;sid:84348643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485538/; classtype:trojan-activity;sid:84348638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.142.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485537/; classtype:trojan-activity;sid:84348637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.20.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485536/; classtype:trojan-activity;sid:84348636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485535)"; flow:established,from_client; content:"GET"; http_method; content:"/raw_cbot.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485535/; classtype:trojan-activity;sid:84348635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485534)"; flow:established,from_client; content:"GET"; http_method; content:"/cbot.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.7.209.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485534/; classtype:trojan-activity;sid:84348634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.97.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485533/; classtype:trojan-activity;sid:84348633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485507)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485507/; classtype:trojan-activity;sid:84348607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485508)"; flow:established,from_client; content:"GET"; http_method; content:"/tr064.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485508/; classtype:trojan-activity;sid:84348608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485509)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485509/; classtype:trojan-activity;sid:84348609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485510)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485510/; classtype:trojan-activity;sid:84348610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485511)"; flow:established,from_client; content:"GET"; http_method; content:"/awsec2.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485511/; classtype:trojan-activity;sid:84348611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485512)"; flow:established,from_client; content:"GET"; http_method; content:"/build.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485512/; classtype:trojan-activity;sid:84348612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485513)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485513/; classtype:trojan-activity;sid:84348613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485514)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485514/; classtype:trojan-activity;sid:84348614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485515)"; flow:established,from_client; content:"GET"; http_method; content:"/crossweb.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485515/; classtype:trojan-activity;sid:84348615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485516)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485516/; classtype:trojan-activity;sid:84348616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485517)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485517/; classtype:trojan-activity;sid:84348617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485518)"; flow:established,from_client; content:"GET"; http_method; content:"/vacron.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485518/; classtype:trojan-activity;sid:84348618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485519)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485519/; classtype:trojan-activity;sid:84348619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485520)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485520/; classtype:trojan-activity;sid:84348620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485521)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485521/; classtype:trojan-activity;sid:84348621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485522)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485522/; classtype:trojan-activity;sid:84348622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485523)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485523/; classtype:trojan-activity;sid:84348623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485524)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485524/; classtype:trojan-activity;sid:84348624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485525)"; flow:established,from_client; content:"GET"; http_method; content:"/r7000.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485525/; classtype:trojan-activity;sid:84348625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485526)"; flow:established,from_client; content:"GET"; http_method; content:"/dlink.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485526/; classtype:trojan-activity;sid:84348626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485527)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485527/; classtype:trojan-activity;sid:84348627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485528)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485528/; classtype:trojan-activity;sid:84348628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485529)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485529/; classtype:trojan-activity;sid:84348629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485530)"; flow:established,from_client; content:"GET"; http_method; content:"/netgear.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485530/; classtype:trojan-activity;sid:84348630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485531)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485531/; classtype:trojan-activity;sid:84348631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485532)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"174.138.41.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485532/; classtype:trojan-activity;sid:84348632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485506)"; flow:established,from_client; content:"GET"; http_method; content:"/vh85odktui.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485506/; classtype:trojan-activity;sid:84348606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485505)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.29.202.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485505/; classtype:trojan-activity;sid:84348605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485504)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.124.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485504/; classtype:trojan-activity;sid:84348604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485503)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.204.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485503/; classtype:trojan-activity;sid:84348603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"101.168.52.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485495/; classtype:trojan-activity;sid:84348595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.255.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485496/; classtype:trojan-activity;sid:84348596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485497)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.77.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485497/; classtype:trojan-activity;sid:84348597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.84.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485498/; classtype:trojan-activity;sid:84348598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485499)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.139.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485499/; classtype:trojan-activity;sid:84348599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485500)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.25.163.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485500/; classtype:trojan-activity;sid:84348600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485501)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.25.163.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485501/; classtype:trojan-activity;sid:84348601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.245.87.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485502/; classtype:trojan-activity;sid:84348602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.191.214.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485484/; classtype:trojan-activity;sid:84348584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485485)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.67.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485485/; classtype:trojan-activity;sid:84348585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.75.200.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485486/; classtype:trojan-activity;sid:84348586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.142.236.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485487/; classtype:trojan-activity;sid:84348587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485488)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.83.174.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485488/; classtype:trojan-activity;sid:84348588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485489)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.89.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485489/; classtype:trojan-activity;sid:84348589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485490)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485490/; classtype:trojan-activity;sid:84348590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485491)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.238.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485491/; classtype:trojan-activity;sid:84348591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.64.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485492/; classtype:trojan-activity;sid:84348592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.164.189.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485493/; classtype:trojan-activity;sid:84348593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485494)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.217.117.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485494/; classtype:trojan-activity;sid:84348594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485479)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.133.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485479/; classtype:trojan-activity;sid:84348579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485480)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.23.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485480/; classtype:trojan-activity;sid:84348580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485481)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.67.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485481/; classtype:trojan-activity;sid:84348581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485482)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.82.45.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485482/; classtype:trojan-activity;sid:84348582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.59.43.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485483/; classtype:trojan-activity;sid:84348583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485476)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.192.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485476/; classtype:trojan-activity;sid:84348576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485477)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.132.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485477/; classtype:trojan-activity;sid:84348577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485478)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.125.44.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485478/; classtype:trojan-activity;sid:84348578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485474)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.130.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485474/; classtype:trojan-activity;sid:84348574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.80.109.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485475/; classtype:trojan-activity;sid:84348575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485473)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.181.121.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485473/; classtype:trojan-activity;sid:84348573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485472/; classtype:trojan-activity;sid:84348572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.235.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485471/; classtype:trojan-activity;sid:84348571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485455)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485455/; classtype:trojan-activity;sid:84348555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485456)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485456/; classtype:trojan-activity;sid:84348556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485457)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485457/; classtype:trojan-activity;sid:84348557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485458)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485458/; classtype:trojan-activity;sid:84348558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485459)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485459/; classtype:trojan-activity;sid:84348559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485460)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485460/; classtype:trojan-activity;sid:84348560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485461)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485461/; classtype:trojan-activity;sid:84348561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485462)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485462/; classtype:trojan-activity;sid:84348562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485463)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485463/; classtype:trojan-activity;sid:84348563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485464)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485464/; classtype:trojan-activity;sid:84348564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485465)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485465/; classtype:trojan-activity;sid:84348565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485466)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485466/; classtype:trojan-activity;sid:84348566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485467)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485467/; classtype:trojan-activity;sid:84348567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485468)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485468/; classtype:trojan-activity;sid:84348568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485469)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485469/; classtype:trojan-activity;sid:84348569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485470)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485470/; classtype:trojan-activity;sid:84348570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485446)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485446/; classtype:trojan-activity;sid:84348546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485447)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485447/; classtype:trojan-activity;sid:84348547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485448)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485448/; classtype:trojan-activity;sid:84348548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485449)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485449/; classtype:trojan-activity;sid:84348549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485450)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485450/; classtype:trojan-activity;sid:84348550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485451)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485451/; classtype:trojan-activity;sid:84348551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485452)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485452/; classtype:trojan-activity;sid:84348552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485453)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestisciweb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485453/; classtype:trojan-activity;sid:84348553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485454)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485454/; classtype:trojan-activity;sid:84348554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485445)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eversioneweb.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485445/; classtype:trojan-activity;sid:84348545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485434)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485434/; classtype:trojan-activity;sid:84348534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485435)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485435/; classtype:trojan-activity;sid:84348535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485436)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485436/; classtype:trojan-activity;sid:84348536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485437)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485437/; classtype:trojan-activity;sid:84348537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485438)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485438/; classtype:trojan-activity;sid:84348538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485439)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485439/; classtype:trojan-activity;sid:84348539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485440/; classtype:trojan-activity;sid:84348540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485441)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485441/; classtype:trojan-activity;sid:84348541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485442)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485442/; classtype:trojan-activity;sid:84348542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485443)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485443/; classtype:trojan-activity;sid:84348543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485444)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485444/; classtype:trojan-activity;sid:84348544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485433)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.115.172.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485433/; classtype:trojan-activity;sid:84348533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485432/; classtype:trojan-activity;sid:84348532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.176.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485431/; classtype:trojan-activity;sid:84348531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.115.87.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485429/; classtype:trojan-activity;sid:84348529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485430/; classtype:trojan-activity;sid:84348530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485428/; classtype:trojan-activity;sid:84348528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.86.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485426/; classtype:trojan-activity;sid:84348526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.9.217"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485427/; classtype:trojan-activity;sid:84348527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.219.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485422/; classtype:trojan-activity;sid:84348522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.119.230.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485423/; classtype:trojan-activity;sid:84348523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.116.185.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485424/; classtype:trojan-activity;sid:84348524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.157.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485425/; classtype:trojan-activity;sid:84348525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.21.130.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485416/; classtype:trojan-activity;sid:84348516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.240.204.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485417/; classtype:trojan-activity;sid:84348517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.104.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485418/; classtype:trojan-activity;sid:84348518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.230.50.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485419/; classtype:trojan-activity;sid:84348519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.98.167.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485420/; classtype:trojan-activity;sid:84348520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.131.115.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485421/; classtype:trojan-activity;sid:84348521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.77.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485414/; classtype:trojan-activity;sid:84348514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.98.195.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485415/; classtype:trojan-activity;sid:84348515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.23.105.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485412/; classtype:trojan-activity;sid:84348512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.15.170.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485413/; classtype:trojan-activity;sid:84348513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.24.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485411/; classtype:trojan-activity;sid:84348511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.35.159.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485410/; classtype:trojan-activity;sid:84348510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485409)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.104.25.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485409/; classtype:trojan-activity;sid:84348509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.235.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485408/; classtype:trojan-activity;sid:84348508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.155.44.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485407/; classtype:trojan-activity;sid:84348507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485405)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.186.17.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485405/; classtype:trojan-activity;sid:84348505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485406)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.66.2.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485406/; classtype:trojan-activity;sid:84348506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485403)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.241.195.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485403/; classtype:trojan-activity;sid:84348503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.66.2.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485404/; classtype:trojan-activity;sid:84348504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.66.2.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485402/; classtype:trojan-activity;sid:84348502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485398)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.194.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485398/; classtype:trojan-activity;sid:84348498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485399)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.159.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485399/; classtype:trojan-activity;sid:84348499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485400)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.43.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485400/; classtype:trojan-activity;sid:84348500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485401)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.189.2.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485401/; classtype:trojan-activity;sid:84348501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485395)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.87.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485395/; classtype:trojan-activity;sid:84348495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485396)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485396/; classtype:trojan-activity;sid:84348496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485397)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.87.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485397/; classtype:trojan-activity;sid:84348497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485392)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"112.53.96.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485392/; classtype:trojan-activity;sid:84348492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485393)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.66.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485393/; classtype:trojan-activity;sid:84348493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485394)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"148.66.2.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485394/; classtype:trojan-activity;sid:84348494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485381)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.71.161.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485381/; classtype:trojan-activity;sid:84348481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485382)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.95.212.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485382/; classtype:trojan-activity;sid:84348482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485383)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.185.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485383/; classtype:trojan-activity;sid:84348483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485384)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.148.20.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485384/; classtype:trojan-activity;sid:84348484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485385)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.27.109.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485385/; classtype:trojan-activity;sid:84348485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485386)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.36.127.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485386/; classtype:trojan-activity;sid:84348486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485387)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.42.18.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485387/; classtype:trojan-activity;sid:84348487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485388)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.14.123.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485388/; classtype:trojan-activity;sid:84348488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485389)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"142.171.116.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485389/; classtype:trojan-activity;sid:84348489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485390)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.26.226.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485390/; classtype:trojan-activity;sid:84348490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485391)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.138.54.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485391/; classtype:trojan-activity;sid:84348491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485373)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"20.83.148.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485373/; classtype:trojan-activity;sid:84348473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485374)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.211.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485374/; classtype:trojan-activity;sid:84348474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485375)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.103.98.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485375/; classtype:trojan-activity;sid:84348475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485376)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.35.228.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485376/; classtype:trojan-activity;sid:84348476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485377)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.95.8.59"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485377/; classtype:trojan-activity;sid:84348477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485378)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.31.16.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485378/; classtype:trojan-activity;sid:84348478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485379)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.15.34.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485379/; classtype:trojan-activity;sid:84348479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485380)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.112.118.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485380/; classtype:trojan-activity;sid:84348480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485372)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.243.99.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485372/; classtype:trojan-activity;sid:84348472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485371)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.239.236.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485371/; classtype:trojan-activity;sid:84348471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485369)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.242.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485369/; classtype:trojan-activity;sid:84348469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485370)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.47.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485370/; classtype:trojan-activity;sid:84348470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485367)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.117.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485367/; classtype:trojan-activity;sid:84348467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485368)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.219.96.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485368/; classtype:trojan-activity;sid:84348468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485357)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.92.14.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485357/; classtype:trojan-activity;sid:84348457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485358)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.222.81.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485358/; classtype:trojan-activity;sid:84348458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485359)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.107.242.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485359/; classtype:trojan-activity;sid:84348459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485360)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.97.96.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485360/; classtype:trojan-activity;sid:84348460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485361)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.138.33.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485361/; classtype:trojan-activity;sid:84348461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485362)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.128.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485362/; classtype:trojan-activity;sid:84348462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485363)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.160.201.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485363/; classtype:trojan-activity;sid:84348463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485364)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.117.147.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485364/; classtype:trojan-activity;sid:84348464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485365)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.194.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485365/; classtype:trojan-activity;sid:84348465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485366)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.155.239.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485366/; classtype:trojan-activity;sid:84348466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485356)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485356/; classtype:trojan-activity;sid:84348456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485355)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.44.154.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485355/; classtype:trojan-activity;sid:84348455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485354)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"40.81.23.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485354/; classtype:trojan-activity;sid:84348454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485353)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485353/; classtype:trojan-activity;sid:84348453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485351)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485351/; classtype:trojan-activity;sid:84348451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485352)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485352/; classtype:trojan-activity;sid:84348452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485350)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485350/; classtype:trojan-activity;sid:84348450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485349)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.94.218.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485349/; classtype:trojan-activity;sid:84348449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485345)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"13.200.162.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485345/; classtype:trojan-activity;sid:84348445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485346)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.99.169.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485346/; classtype:trojan-activity;sid:84348446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485347)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.221.41.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485347/; classtype:trojan-activity;sid:84348447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485348)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.12.149.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485348/; classtype:trojan-activity;sid:84348448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485343)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.103.57.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485343/; classtype:trojan-activity;sid:84348443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485344)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.100.176.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485344/; classtype:trojan-activity;sid:84348444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485339)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.249.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485339/; classtype:trojan-activity;sid:84348439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485340)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.249.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485340/; classtype:trojan-activity;sid:84348440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485341)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.94.249.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485341/; classtype:trojan-activity;sid:84348441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485342)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.92.142.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485342/; classtype:trojan-activity;sid:84348442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.0.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485338/; classtype:trojan-activity;sid:84348438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.21.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485337/; classtype:trojan-activity;sid:84348437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485336/; classtype:trojan-activity;sid:84348436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.185.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485335/; classtype:trojan-activity;sid:84348435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.181.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485334/; classtype:trojan-activity;sid:84348434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.61.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485333/; classtype:trojan-activity;sid:84348433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485331)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485331/; classtype:trojan-activity;sid:84348431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485328/; classtype:trojan-activity;sid:84348428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.235.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485327/; classtype:trojan-activity;sid:84348427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485326)"; flow:established,from_client; content:"GET"; http_method; content:"/staleakjkl.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485326/; classtype:trojan-activity;sid:84348426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.79.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485325/; classtype:trojan-activity;sid:84348425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.185.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485324/; classtype:trojan-activity;sid:84348424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485323/; classtype:trojan-activity;sid:84348423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.61.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485322/; classtype:trojan-activity;sid:84348422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485321)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485321/; classtype:trojan-activity;sid:84348421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485317)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485317/; classtype:trojan-activity;sid:84348417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485318)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485318/; classtype:trojan-activity;sid:84348418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485319)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485319/; classtype:trojan-activity;sid:84348419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485320)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485320/; classtype:trojan-activity;sid:84348420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485316)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485316/; classtype:trojan-activity;sid:84348416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485315)"; flow:established,from_client; content:"GET"; http_method; content:"/a07daa7aeaf96e14/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"77.90.153.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485315/; classtype:trojan-activity;sid:84348415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.146.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485314/; classtype:trojan-activity;sid:84348414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.128.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485313/; classtype:trojan-activity;sid:84348413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485312)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485312/; classtype:trojan-activity;sid:84348412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485308)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485308/; classtype:trojan-activity;sid:84348408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485309)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485309/; classtype:trojan-activity;sid:84348409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485310)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485310/; classtype:trojan-activity;sid:84348410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.60.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485311/; classtype:trojan-activity;sid:84348411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.64.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485307/; classtype:trojan-activity;sid:84348407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485306/; classtype:trojan-activity;sid:84348406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.235.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485305/; classtype:trojan-activity;sid:84348405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485304/; classtype:trojan-activity;sid:84348404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485303)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485303/; classtype:trojan-activity;sid:84348403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.214.57.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485302/; classtype:trojan-activity;sid:84348402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485300)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485300/; classtype:trojan-activity;sid:84348400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485301)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485301/; classtype:trojan-activity;sid:84348401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485294)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485294/; classtype:trojan-activity;sid:84348394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485295)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485295/; classtype:trojan-activity;sid:84348395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485296)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485296/; classtype:trojan-activity;sid:84348396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485297)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485297/; classtype:trojan-activity;sid:84348397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485298)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485298/; classtype:trojan-activity;sid:84348398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485299)"; flow:established,from_client; content:"GET"; http_method; content:"/lkve9jugyt/jwyt4py98x.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"209.141.43.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485299/; classtype:trojan-activity;sid:84348399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485293)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.msq.tar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"104.245.240.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485293/; classtype:trojan-activity;sid:84348393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485292)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.report_system"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.245.240.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485292/; classtype:trojan-activity;sid:84348392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485291)"; flow:established,from_client; content:"GET"; http_method; content:"/.puscarie/.main"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.245.240.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485291/; classtype:trojan-activity;sid:84348391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485290/; classtype:trojan-activity;sid:84348390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.214.57.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485289/; classtype:trojan-activity;sid:84348389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.113.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485288/; classtype:trojan-activity;sid:84348388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.60.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485287/; classtype:trojan-activity;sid:84348387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.222.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485286/; classtype:trojan-activity;sid:84348386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.118.97.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485281/; classtype:trojan-activity;sid:84348381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485282/; classtype:trojan-activity;sid:84348382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.38.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485283/; classtype:trojan-activity;sid:84348383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.0.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485284/; classtype:trojan-activity;sid:84348384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.231.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485285/; classtype:trojan-activity;sid:84348385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485278/; classtype:trojan-activity;sid:84348378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485279/; classtype:trojan-activity;sid:84348379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485280/; classtype:trojan-activity;sid:84348380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485277/; classtype:trojan-activity;sid:84348377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.154.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485276/; classtype:trojan-activity;sid:84348376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.107.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485275/; classtype:trojan-activity;sid:84348375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.253.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485273/; classtype:trojan-activity;sid:84348373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.184.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485274/; classtype:trojan-activity;sid:84348374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485272/; classtype:trojan-activity;sid:84348372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.181.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485271/; classtype:trojan-activity;sid:84348371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.227.7.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485270/; classtype:trojan-activity;sid:84348370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485269)"; flow:established,from_client; content:"GET"; http_method; content:"/9nn5y6ij9e.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485269/; classtype:trojan-activity;sid:84348369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.222.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485268/; classtype:trojan-activity;sid:84348368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.65.33.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485267/; classtype:trojan-activity;sid:84348367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485266/; classtype:trojan-activity;sid:84348366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.125.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485265/; classtype:trojan-activity;sid:84348365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485264/; classtype:trojan-activity;sid:84348364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485263)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.ioqoda.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485263/; classtype:trojan-activity;sid:84348363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.204.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485262/; classtype:trojan-activity;sid:84348362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.39.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485261/; classtype:trojan-activity;sid:84348361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485260/; classtype:trojan-activity;sid:84348360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.155.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485259/; classtype:trojan-activity;sid:84348359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.165.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485258/; classtype:trojan-activity;sid:84348358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.204.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485257/; classtype:trojan-activity;sid:84348357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.156.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485256/; classtype:trojan-activity;sid:84348356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.100.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485255/; classtype:trojan-activity;sid:84348355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.5.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485254/; classtype:trojan-activity;sid:84348354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485253)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.oegebo.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485253/; classtype:trojan-activity;sid:84348353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485252/; classtype:trojan-activity;sid:84348352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.162.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485251/; classtype:trojan-activity;sid:84348351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.162.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485250/; classtype:trojan-activity;sid:84348350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.246.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485249/; classtype:trojan-activity;sid:84348349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485248)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2022/10/hemigastrectomysdur.php"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"casettalecese.it"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485248/; classtype:trojan-activity;sid:84348348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485246)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/02/patrolwomen1gx.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"elektrablasi.it"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485246/; classtype:trojan-activity;sid:84348346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485247)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2022/10/bivalviagrr.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"casettalecese.it"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485247/; classtype:trojan-activity;sid:84348347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485245)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/commendedtz4.php"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.centralelatterieti.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485245/; classtype:trojan-activity;sid:84348345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485244)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/includes/propugnaculum51.php"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.14.31.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485244/; classtype:trojan-activity;sid:84348344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.155.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485243/; classtype:trojan-activity;sid:84348343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485242)"; flow:established,from_client; content:"GET"; http_method; content:"/9g7blb3ipa.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485242/; classtype:trojan-activity;sid:84348342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.115.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485241/; classtype:trojan-activity;sid:84348341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.5.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485240/; classtype:trojan-activity;sid:84348340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.149.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485237/; classtype:trojan-activity;sid:84348337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.165.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485238/; classtype:trojan-activity;sid:84348338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.93.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485239/; classtype:trojan-activity;sid:84348339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.57.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485236/; classtype:trojan-activity;sid:84348336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.172.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485235/; classtype:trojan-activity;sid:84348335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.163.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485234/; classtype:trojan-activity;sid:84348334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.115.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485233/; classtype:trojan-activity;sid:84348333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.149.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485232/; classtype:trojan-activity;sid:84348332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.246.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485231/; classtype:trojan-activity;sid:84348331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.100.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485230/; classtype:trojan-activity;sid:84348330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.198.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485229/; classtype:trojan-activity;sid:84348329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.185.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485228/; classtype:trojan-activity;sid:84348328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.12.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485227/; classtype:trojan-activity;sid:84348327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.172.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485226/; classtype:trojan-activity;sid:84348326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.24.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485225/; classtype:trojan-activity;sid:84348325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.9.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485224/; classtype:trojan-activity;sid:84348324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.151.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485223/; classtype:trojan-activity;sid:84348323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485222/; classtype:trojan-activity;sid:84348322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.37.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485221/; classtype:trojan-activity;sid:84348321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485220)"; flow:established,from_client; content:"GET"; http_method; content:"/sn0ivc0pms.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485220/; classtype:trojan-activity;sid:84348320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485219/; classtype:trojan-activity;sid:84348319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485218)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1skqylauso-qyfwv8cpo2eztn_g9hsqpp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485218/; classtype:trojan-activity;sid:84348318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.151.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485217/; classtype:trojan-activity;sid:84348317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485209)"; flow:established,from_client; content:"GET"; http_method; content:"/francoutp/hydrogen-executor/releases/download/v2.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485209/; classtype:trojan-activity;sid:84348309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485210)"; flow:established,from_client; content:"GET"; http_method; content:"/duduzx/como-ba/releases/download/v1.0/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485210/; classtype:trojan-activity;sid:84348310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485211)"; flow:established,from_client; content:"GET"; http_method; content:"/gusttahtxdev/roblox-incognito/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485211/; classtype:trojan-activity;sid:84348311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485212)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485212/; classtype:trojan-activity;sid:84348312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; content:"GET"; http_method; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485214)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485214/; classtype:trojan-activity;sid:84348314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485215)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485215/; classtype:trojan-activity;sid:84348315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485216)"; flow:established,from_client; content:"GET"; http_method; content:"/7grimreaper7/roblox-beaming-tool/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485216/; classtype:trojan-activity;sid:84348316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485198)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485198/; classtype:trojan-activity;sid:84348298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485199)"; flow:established,from_client; content:"GET"; http_method; content:"/jslegido/cryptic-executor/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485199/; classtype:trojan-activity;sid:84348299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485200)"; flow:established,from_client; content:"GET"; http_method; content:"/karim2008n/codex-roblox-2025/releases/download/v1.0/soft.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485200/; classtype:trojan-activity;sid:84348300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485201)"; flow:established,from_client; content:"GET"; http_method; content:"/ffffffwasredsfsdfse/arceus-executor/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485201/; classtype:trojan-activity;sid:84348301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485202)"; flow:established,from_client; content:"GET"; http_method; content:"/maiosn12/celex-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485202/; classtype:trojan-activity;sid:84348302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485203)"; flow:established,from_client; content:"GET"; http_method; content:"/tintermet/argon-executor-25/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485203/; classtype:trojan-activity;sid:84348303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485204)"; flow:established,from_client; content:"GET"; http_method; content:"/170/ebc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485204/; classtype:trojan-activity;sid:84348304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485205)"; flow:established,from_client; content:"GET"; http_method; content:"/r/5lgvwhz0/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485205/; classtype:trojan-activity;sid:84348305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485206)"; flow:established,from_client; content:"GET"; http_method; content:"/chrisisme5/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485206/; classtype:trojan-activity;sid:84348306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485207)"; flow:established,from_client; content:"GET"; http_method; content:"/anikthakur05/nosferatu-2/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485207/; classtype:trojan-activity;sid:84348307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485208)"; flow:established,from_client; content:"GET"; http_method; content:"/salsiii/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485208/; classtype:trojan-activity;sid:84348308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485195)"; flow:established,from_client; content:"GET"; http_method; content:"/francoutp/hydrogen-executor/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485195/; classtype:trojan-activity;sid:84348295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485196)"; flow:established,from_client; content:"GET"; http_method; content:"/massambaf/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485196/; classtype:trojan-activity;sid:84348296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485197)"; flow:established,from_client; content:"GET"; http_method; content:"/7grimreaper7/roblox-beaming-tool/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485197/; classtype:trojan-activity;sid:84348297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485194)"; flow:established,from_client; content:"GET"; http_method; content:"/febrixd/synapsez-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485194/; classtype:trojan-activity;sid:84348294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485190)"; flow:established,from_client; content:"GET"; http_method; content:"/iancutkd/codex-roblox/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485190/; classtype:trojan-activity;sid:84348290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485191)"; flow:established,from_client; content:"GET"; http_method; content:"/asmuiazfar/luna-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485191/; classtype:trojan-activity;sid:84348291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485192)"; flow:established,from_client; content:"GET"; http_method; content:"/asmuiazfar/luna-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485192/; classtype:trojan-activity;sid:84348292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485189/; classtype:trojan-activity;sid:84348289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485188/; classtype:trojan-activity;sid:84348288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.207.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485187/; classtype:trojan-activity;sid:84348287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485186/; classtype:trojan-activity;sid:84348286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.37.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485185/; classtype:trojan-activity;sid:84348285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.245.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485184/; classtype:trojan-activity;sid:84348284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.240.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485183/; classtype:trojan-activity;sid:84348283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485182/; classtype:trojan-activity;sid:84348282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.213.179.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485181/; classtype:trojan-activity;sid:84348281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.92.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485180/; classtype:trojan-activity;sid:84348280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.166.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485179/; classtype:trojan-activity;sid:84348279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485178/; classtype:trojan-activity;sid:84348278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.72.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485177/; classtype:trojan-activity;sid:84348277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.109.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485175/; classtype:trojan-activity;sid:84348275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.73.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485176/; classtype:trojan-activity;sid:84348276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.200.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485174/; classtype:trojan-activity;sid:84348274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.66.164.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485173/; classtype:trojan-activity;sid:84348273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.165.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485172/; classtype:trojan-activity;sid:84348272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.174.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485170/; classtype:trojan-activity;sid:84348270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.60.49.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485171/; classtype:trojan-activity;sid:84348271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.70.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485169/; classtype:trojan-activity;sid:84348269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.127.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485168/; classtype:trojan-activity;sid:84348268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.39.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485166/; classtype:trojan-activity;sid:84348266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485167)"; flow:established,from_client; content:"GET"; http_method; content:"/t8ef8zvalf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485167/; classtype:trojan-activity;sid:84348267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.45"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485165/; classtype:trojan-activity;sid:84348265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.245.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485164/; classtype:trojan-activity;sid:84348264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.22.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485163/; classtype:trojan-activity;sid:84348263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.174.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485162/; classtype:trojan-activity;sid:84348262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485161)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/mtgf/170.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.245.123.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485161/; classtype:trojan-activity;sid:84348261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485160)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ekmo/ekm/meguebestkingofinternationalkingscomingback.hta"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485160/; classtype:trojan-activity;sid:84348260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485159)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dl8ji83vtjorv4lmza8as4kogvfdw-9u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485159/; classtype:trojan-activity;sid:84348259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485158)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cyo-0ltl6kjjulr3eobfnzs71dvayqn-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485158/; classtype:trojan-activity;sid:84348258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485156)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1igiw001gmmigp--_vnrjdxob9jdcx79i"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485156/; classtype:trojan-activity;sid:84348256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485157)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14wyvktj94ft662sdrv4f7xq_elbne9pk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485157/; classtype:trojan-activity;sid:84348257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485155)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v2tgb2g7vviu8mokmwwheaevfcmacou8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485155/; classtype:trojan-activity;sid:84348255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485152)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ljeur3nyyghkno8rpr3djlli3fpp6rpq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485152/; classtype:trojan-activity;sid:84348252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485153)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=129acvaqkp9psoaohttx4t_rnzelxub-0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485153/; classtype:trojan-activity;sid:84348253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485154)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kzbxe0sxh2nekdwfbbrvyzg6vsu-nmci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485154/; classtype:trojan-activity;sid:84348254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485151)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wol0s1quyff7bi_l1jxyjtgsycluh1ma"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485151/; classtype:trojan-activity;sid:84348251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.231.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485150/; classtype:trojan-activity;sid:84348250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.109.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485149/; classtype:trojan-activity;sid:84348249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485148)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15bq3j6wnpe0_ub_caly0sdlnejuaumtt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485148/; classtype:trojan-activity;sid:84348248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485147)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv9ncn7ieurj3a67o5uuqxssxazmt3rw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485147/; classtype:trojan-activity;sid:84348247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485146)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vsw5m79rg-p7ztabo_rqgj0te2_yfdgr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485146/; classtype:trojan-activity;sid:84348246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485145)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tzdodbo-ed-uiixuoq1xe8y6kkkge1yd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485145/; classtype:trojan-activity;sid:84348245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485143)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.eucudo.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485143/; classtype:trojan-activity;sid:84348243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485142)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1s46mxko2id-2zmlu5qgfzwxp6mcqoop6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485142/; classtype:trojan-activity;sid:84348242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485141)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15f0nmphqzr2sf_nzny7uupk5obu8am7g"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485141/; classtype:trojan-activity;sid:84348241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485140)"; flow:established,from_client; content:"GET"; http_method; content:"/dalsaniyacoomercio/hydrogen-executor/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485140/; classtype:trojan-activity;sid:84348240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485139/; classtype:trojan-activity;sid:84348239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485138)"; flow:established,from_client; content:"GET"; http_method; content:"/essmalafama120/fortnitespoofer/releases/download/3.3.2/fortnitespoofer.3.3.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485138/; classtype:trojan-activity;sid:84348238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.29.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485136/; classtype:trojan-activity;sid:84348236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.22.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485137/; classtype:trojan-activity;sid:84348237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485135)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p0f9vspxzv8iuvw1rxxrbpwqkgiynrls"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485135/; classtype:trojan-activity;sid:84348235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.15.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485134/; classtype:trojan-activity;sid:84348234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485133)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y7oaxxr2jlnva1uy_lp1sbeei-whdyat"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485133/; classtype:trojan-activity;sid:84348233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485132)"; flow:established,from_client; content:"GET"; http_method; content:"/5jp59y6b7.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dpaste.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485132/; classtype:trojan-activity;sid:84348232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485131)"; flow:established,from_client; content:"GET"; http_method; content:"/115/mygirlbeautifuleveriseenmycutegirlsheismydear.txt"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"109.172.87.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485131/; classtype:trojan-activity;sid:84348231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.31.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485130/; classtype:trojan-activity;sid:84348230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.231.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485129/; classtype:trojan-activity;sid:84348229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.71.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485128/; classtype:trojan-activity;sid:84348228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.15.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485127/; classtype:trojan-activity;sid:84348227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485124)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/sasw.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"baijika.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485124/; classtype:trojan-activity;sid:84348224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.86.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485123/; classtype:trojan-activity;sid:84348223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.31.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485122/; classtype:trojan-activity;sid:84348222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485120)"; flow:established,from_client; content:"GET"; http_method; content:"/rayglazedonut/roblox-synapse/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485120/; classtype:trojan-activity;sid:84348220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485121)"; flow:established,from_client; content:"GET"; http_method; content:"/d4dpudnfv.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dpaste.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485121/; classtype:trojan-activity;sid:84348221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485119)"; flow:established,from_client; content:"GET"; http_method; content:"/112/bestbeautifulthingsentiretimebetterresultsgive.hta"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"109.172.87.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485119/; classtype:trojan-activity;sid:84348219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485118)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485118/; classtype:trojan-activity;sid:84348218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485114)"; flow:established,from_client; content:"GET"; http_method; content:"/neymitobr/zorara-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485114/; classtype:trojan-activity;sid:84348214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485115)"; flow:established,from_client; content:"GET"; http_method; content:"/bikash522482/roblox-oxygen/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485115/; classtype:trojan-activity;sid:84348215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485116)"; flow:established,from_client; content:"GET"; http_method; content:"/sporty18000/mobiledit-forensic-express-pro-free/releases/download/v1.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485116/; classtype:trojan-activity;sid:84348216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485117)"; flow:established,from_client; content:"GET"; http_method; content:"/y9087/deep-live-cam-by-fx/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485117/; classtype:trojan-activity;sid:84348217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485112)"; flow:established,from_client; content:"GET"; http_method; content:"/filipxvz/roblox-synapse/releases/download/v1.6.2/roblox.synapse.v1.6.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485112/; classtype:trojan-activity;sid:84348212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485113)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etheliumcheats.pro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485113/; classtype:trojan-activity;sid:84348213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485111)"; flow:established,from_client; content:"GET"; http_method; content:"/msaad453/nexus-roblox/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485111/; classtype:trojan-activity;sid:84348211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485110)"; flow:established,from_client; content:"GET"; http_method; content:"/rayglazedonut/roblox-synapse/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485110/; classtype:trojan-activity;sid:84348210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.53.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485109/; classtype:trojan-activity;sid:84348209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.70.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485108/; classtype:trojan-activity;sid:84348208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.5.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485107/; classtype:trojan-activity;sid:84348207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485106)"; flow:established,from_client; content:"GET"; http_method; content:"/578/vfc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"198.23.212.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485106/; classtype:trojan-activity;sid:84348206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485105)"; flow:established,from_client; content:"GET"; http_method; content:"/kumulallalaconstraints.vbs"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"192.3.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485105/; classtype:trojan-activity;sid:84348205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485104)"; flow:established,from_client; content:"GET"; http_method; content:"/331/seethebestthingsofgirlssheisamontherfucker.tif"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"198.23.212.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485104/; classtype:trojan-activity;sid:84348204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485103)"; flow:established,from_client; content:"GET"; http_method; content:"/4adhwtvgml.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485103/; classtype:trojan-activity;sid:84348203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485100)"; flow:established,from_client; content:"GET"; http_method; content:"/tpjnzovlmek.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.70.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485100/; classtype:trojan-activity;sid:84348200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485101)"; flow:established,from_client; content:"GET"; http_method; content:"/qrxzkrqclcq.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.70.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485101/; classtype:trojan-activity;sid:84348201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485102)"; flow:established,from_client; content:"GET"; http_method; content:"/phjaxdujxy.wav"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.70.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485102/; classtype:trojan-activity;sid:84348202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485099)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.eozusa.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485099/; classtype:trojan-activity;sid:84348199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.240.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485098/; classtype:trojan-activity;sid:84348198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485097)"; flow:established,from_client; content:"GET"; http_method; content:"/53m7iv6vm7.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485097/; classtype:trojan-activity;sid:84348197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.159.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485096/; classtype:trojan-activity;sid:84348196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.14.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485095/; classtype:trojan-activity;sid:84348195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485094)"; flow:established,from_client; content:"GET"; http_method; content:"/75/nices.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485094/; classtype:trojan-activity;sid:84348194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485093)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.yonuga.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485093/; classtype:trojan-activity;sid:84348193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.218.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485092/; classtype:trojan-activity;sid:84348192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.250.4.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485091/; classtype:trojan-activity;sid:84348191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.86.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485090/; classtype:trojan-activity;sid:84348190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485089/; classtype:trojan-activity;sid:84348189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.243.225.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485088/; classtype:trojan-activity;sid:84348188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.223.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485087/; classtype:trojan-activity;sid:84348187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.14.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485086/; classtype:trojan-activity;sid:84348186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485085)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.eezedu.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485085/; classtype:trojan-activity;sid:84348185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485083/; classtype:trojan-activity;sid:84348183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485084/; classtype:trojan-activity;sid:84348184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.243.225.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485082/; classtype:trojan-activity;sid:84348182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.223.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485081/; classtype:trojan-activity;sid:84348181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.29.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485080/; classtype:trojan-activity;sid:84348180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485079/; classtype:trojan-activity;sid:84348179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.144.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485078/; classtype:trojan-activity;sid:84348178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485076)"; flow:established,from_client; content:"GET"; http_method; content:"/file/steph.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485076/; classtype:trojan-activity;sid:84348176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485077)"; flow:established,from_client; content:"GET"; http_method; content:"/file/kennnttt.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485077/; classtype:trojan-activity;sid:84348177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485073)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/swety/sheisverybeautifulgirlwithnicelipsandallgreat.png"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.168.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485073/; classtype:trojan-activity;sid:84348173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485074)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/milkmist/veryniceandgoodsweetmilkymistwhichtastty.png"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485074/; classtype:trojan-activity;sid:84348174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485075)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/nc/new_image.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485075/; classtype:trojan-activity;sid:84348175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485072)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/swety/sheisverybeautifulgirlwithnicelipsandallgreat.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.168.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485072/; classtype:trojan-activity;sid:84348172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485071)"; flow:established,from_client; content:"GET"; http_method; content:"/pzqnfoyzhsfpli222.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"204.10.160.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485071/; classtype:trojan-activity;sid:84348171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485070)"; flow:established,from_client; content:"GET"; http_method; content:"/pziko233.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.144.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485070/; classtype:trojan-activity;sid:84348170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485069)"; flow:established,from_client; content:"GET"; http_method; content:"/il6le0br1h.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485069/; classtype:trojan-activity;sid:84348169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.19.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485068/; classtype:trojan-activity;sid:84348168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485067)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"anaba.hopto.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485067/; classtype:trojan-activity;sid:84348167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485066/; classtype:trojan-activity;sid:84348166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485065/; classtype:trojan-activity;sid:84348165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.114.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485064/; classtype:trojan-activity;sid:84348164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.161.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485063/; classtype:trojan-activity;sid:84348163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.84.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485062/; classtype:trojan-activity;sid:84348162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.158.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485061/; classtype:trojan-activity;sid:84348161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.177.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485060/; classtype:trojan-activity;sid:84348160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.19.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485057/; classtype:trojan-activity;sid:84348157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485058)"; flow:established,from_client; content:"GET"; http_method; content:"/xbe/xz.vue"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"meet-join.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485058/; classtype:trojan-activity;sid:84348158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485059)"; flow:established,from_client; content:"GET"; http_method; content:"/xbe/xbe.vue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"meet-join.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485059/; classtype:trojan-activity;sid:84348159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485056)"; flow:established,from_client; content:"GET"; http_method; content:"/xbe/x7.vue"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"meet-join.us"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485056/; classtype:trojan-activity;sid:84348156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.63.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485055/; classtype:trojan-activity;sid:84348155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.237.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485053/; classtype:trojan-activity;sid:84348153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.2.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485054/; classtype:trojan-activity;sid:84348154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.198.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485052/; classtype:trojan-activity;sid:84348152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.114.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485051/; classtype:trojan-activity;sid:84348151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485050/; classtype:trojan-activity;sid:84348150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.158.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485049/; classtype:trojan-activity;sid:84348149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.215.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485048/; classtype:trojan-activity;sid:84348148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.185.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485047/; classtype:trojan-activity;sid:84348147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.120.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485046/; classtype:trojan-activity;sid:84348146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.181.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485045/; classtype:trojan-activity;sid:84348145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485044)"; flow:established,from_client; content:"GET"; http_method; content:"/ht-jupit"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"134.199.209.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485044/; classtype:trojan-activity;sid:84348144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485043)"; flow:established,from_client; content:"GET"; http_method; content:"/ulinux-logs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.93.224.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485043/; classtype:trojan-activity;sid:84348143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.225.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485042/; classtype:trojan-activity;sid:84348142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485041/; classtype:trojan-activity;sid:84348141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.166.104.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485040/; classtype:trojan-activity;sid:84348140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485039/; classtype:trojan-activity;sid:84348139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.244.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485038/; classtype:trojan-activity;sid:84348138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.85.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485037/; classtype:trojan-activity;sid:84348137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.205.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485036/; classtype:trojan-activity;sid:84348136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.174.116.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485035/; classtype:trojan-activity;sid:84348135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.177.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485033/; classtype:trojan-activity;sid:84348133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485034/; classtype:trojan-activity;sid:84348134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485032/; classtype:trojan-activity;sid:84348132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485031/; classtype:trojan-activity;sid:84348131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.179.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485029/; classtype:trojan-activity;sid:84348129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485030/; classtype:trojan-activity;sid:84348130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.104.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485028/; classtype:trojan-activity;sid:84348128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485027/; classtype:trojan-activity;sid:84348127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485026/; classtype:trojan-activity;sid:84348126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.164.236.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485025/; classtype:trojan-activity;sid:84348125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.72.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485024/; classtype:trojan-activity;sid:84348124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.63.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485023/; classtype:trojan-activity;sid:84348123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.237.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485022/; classtype:trojan-activity;sid:84348122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.237.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485021/; classtype:trojan-activity;sid:84348121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.95.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485020/; classtype:trojan-activity;sid:84348120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.198.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485019/; classtype:trojan-activity;sid:84348119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485018/; classtype:trojan-activity;sid:84348118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485017)"; flow:established,from_client; content:"GET"; http_method; content:"/dburnrtq7t.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485017/; classtype:trojan-activity;sid:84348117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"163.5.149.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485016/; classtype:trojan-activity;sid:84348116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485014/; classtype:trojan-activity;sid:84348114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.120.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485013/; classtype:trojan-activity;sid:84348113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485011)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485011/; classtype:trojan-activity;sid:84348111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485012)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485012/; classtype:trojan-activity;sid:84348112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485010)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485010/; classtype:trojan-activity;sid:84348110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.95.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485009/; classtype:trojan-activity;sid:84348109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484986)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484986/; classtype:trojan-activity;sid:84348086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484987)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484987/; classtype:trojan-activity;sid:84348087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484988)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484988/; classtype:trojan-activity;sid:84348088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484989)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484989/; classtype:trojan-activity;sid:84348089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484990)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484990/; classtype:trojan-activity;sid:84348090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484991)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484991/; classtype:trojan-activity;sid:84348091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484992)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484992/; classtype:trojan-activity;sid:84348092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484993)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484993/; classtype:trojan-activity;sid:84348093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484994)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484994/; classtype:trojan-activity;sid:84348094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484995)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484995/; classtype:trojan-activity;sid:84348095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484996)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484996/; classtype:trojan-activity;sid:84348096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484997)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484997/; classtype:trojan-activity;sid:84348097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484998)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484998/; classtype:trojan-activity;sid:84348098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484999)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484999/; classtype:trojan-activity;sid:84348099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485000)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485000/; classtype:trojan-activity;sid:84348100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485001)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485001/; classtype:trojan-activity;sid:84348101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485002)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485002/; classtype:trojan-activity;sid:84348102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485003)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485003/; classtype:trojan-activity;sid:84348103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485004)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485004/; classtype:trojan-activity;sid:84348104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485005)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485005/; classtype:trojan-activity;sid:84348105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485006)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485006/; classtype:trojan-activity;sid:84348106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485007)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485007/; classtype:trojan-activity;sid:84348107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485008)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485008/; classtype:trojan-activity;sid:84348108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484981)"; flow:established,from_client; content:"GET"; http_method; content:"/file/2spx3jkr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484981/; classtype:trojan-activity;sid:84348081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484982)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484982/; classtype:trojan-activity;sid:84348082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484983)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484983/; classtype:trojan-activity;sid:84348083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484984)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484984/; classtype:trojan-activity;sid:84348084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484985)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484985/; classtype:trojan-activity;sid:84348085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484975)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484975/; classtype:trojan-activity;sid:84348075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484976)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484976/; classtype:trojan-activity;sid:84348076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484977)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484977/; classtype:trojan-activity;sid:84348077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484978)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484978/; classtype:trojan-activity;sid:84348078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484979)"; flow:established,from_client; content:"GET"; http_method; content:"/studiolegaleclearygottlieb"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"t.ly"; http_host; depth:4; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484979/; classtype:trojan-activity;sid:84348079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484980)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484980/; classtype:trojan-activity;sid:84348080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484958)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484958/; classtype:trojan-activity;sid:84348058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484959)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484959/; classtype:trojan-activity;sid:84348059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484960)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484960/; classtype:trojan-activity;sid:84348060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484961)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484961/; classtype:trojan-activity;sid:84348061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484962)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484962/; classtype:trojan-activity;sid:84348062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484963)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484963/; classtype:trojan-activity;sid:84348063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484964)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484964/; classtype:trojan-activity;sid:84348064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484965)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484965/; classtype:trojan-activity;sid:84348065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484966)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484966/; classtype:trojan-activity;sid:84348066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484967)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484967/; classtype:trojan-activity;sid:84348067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484968)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484968/; classtype:trojan-activity;sid:84348068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484969)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484969/; classtype:trojan-activity;sid:84348069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484970)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484970/; classtype:trojan-activity;sid:84348070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484971)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484971/; classtype:trojan-activity;sid:84348071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484972)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484972/; classtype:trojan-activity;sid:84348072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484973)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484973/; classtype:trojan-activity;sid:84348073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484974)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484974/; classtype:trojan-activity;sid:84348074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484950)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484950/; classtype:trojan-activity;sid:84348050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484951)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484951/; classtype:trojan-activity;sid:84348051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484952)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484952/; classtype:trojan-activity;sid:84348052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484953)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484953/; classtype:trojan-activity;sid:84348053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484954)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484954/; classtype:trojan-activity;sid:84348054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484955)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484955/; classtype:trojan-activity;sid:84348055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484956)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484956/; classtype:trojan-activity;sid:84348056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484957)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484957/; classtype:trojan-activity;sid:84348057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484948)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484948/; classtype:trojan-activity;sid:84348048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484949)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484949/; classtype:trojan-activity;sid:84348049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484945/; classtype:trojan-activity;sid:84348045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484946)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484946/; classtype:trojan-activity;sid:84348046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484947)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484947/; classtype:trojan-activity;sid:84348047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484931)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484931/; classtype:trojan-activity;sid:84348031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484932)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484932/; classtype:trojan-activity;sid:84348032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484933)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484933/; classtype:trojan-activity;sid:84348033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484934)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484934/; classtype:trojan-activity;sid:84348034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484935)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484935/; classtype:trojan-activity;sid:84348035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484936)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484936/; classtype:trojan-activity;sid:84348036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484937)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484937/; classtype:trojan-activity;sid:84348037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484938)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484938/; classtype:trojan-activity;sid:84348038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484939)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484939/; classtype:trojan-activity;sid:84348039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484940)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484940/; classtype:trojan-activity;sid:84348040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484941)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484941/; classtype:trojan-activity;sid:84348041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484942)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484942/; classtype:trojan-activity;sid:84348042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484943)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484943/; classtype:trojan-activity;sid:84348043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484944)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484944/; classtype:trojan-activity;sid:84348044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484918)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484918/; classtype:trojan-activity;sid:84348018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484919)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484919/; classtype:trojan-activity;sid:84348019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484920)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484920/; classtype:trojan-activity;sid:84348020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484921)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484921/; classtype:trojan-activity;sid:84348021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484922)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484922/; classtype:trojan-activity;sid:84348022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484923)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484923/; classtype:trojan-activity;sid:84348023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484924)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484924/; classtype:trojan-activity;sid:84348024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484925)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484925/; classtype:trojan-activity;sid:84348025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484926/; classtype:trojan-activity;sid:84348026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484927)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484927/; classtype:trojan-activity;sid:84348027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484928)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484928/; classtype:trojan-activity;sid:84348028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484929)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484929/; classtype:trojan-activity;sid:84348029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484930)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484930/; classtype:trojan-activity;sid:84348030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484917)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484917/; classtype:trojan-activity;sid:84348017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484899)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484899/; classtype:trojan-activity;sid:84347999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484900)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484900/; classtype:trojan-activity;sid:84348000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484901)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484901/; classtype:trojan-activity;sid:84348001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484902)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484902/; classtype:trojan-activity;sid:84348002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484903)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484903/; classtype:trojan-activity;sid:84348003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484904)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484904/; classtype:trojan-activity;sid:84348004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484905)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484905/; classtype:trojan-activity;sid:84348005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484906)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484906/; classtype:trojan-activity;sid:84348006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484907)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484907/; classtype:trojan-activity;sid:84348007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484908)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484908/; classtype:trojan-activity;sid:84348008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484909)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484909/; classtype:trojan-activity;sid:84348009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484910)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484910/; classtype:trojan-activity;sid:84348010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484911)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484911/; classtype:trojan-activity;sid:84348011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484912)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484912/; classtype:trojan-activity;sid:84348012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484913)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484913/; classtype:trojan-activity;sid:84348013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484914)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484914/; classtype:trojan-activity;sid:84348014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484915)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484915/; classtype:trojan-activity;sid:84348015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484916)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484916/; classtype:trojan-activity;sid:84348016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484888)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484888/; classtype:trojan-activity;sid:84347988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484889)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484889/; classtype:trojan-activity;sid:84347989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484890)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484890/; classtype:trojan-activity;sid:84347990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484891)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484891/; classtype:trojan-activity;sid:84347991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484892)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484892/; classtype:trojan-activity;sid:84347992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484893)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484893/; classtype:trojan-activity;sid:84347993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484894)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484894/; classtype:trojan-activity;sid:84347994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484895)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484895/; classtype:trojan-activity;sid:84347995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484896)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484896/; classtype:trojan-activity;sid:84347996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484897)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484897/; classtype:trojan-activity;sid:84347997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484898)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484898/; classtype:trojan-activity;sid:84347998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484880)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484880/; classtype:trojan-activity;sid:84347980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484881)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484881/; classtype:trojan-activity;sid:84347981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484882)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484882/; classtype:trojan-activity;sid:84347982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484883)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484883/; classtype:trojan-activity;sid:84347983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484884)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484884/; classtype:trojan-activity;sid:84347984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484885)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484885/; classtype:trojan-activity;sid:84347985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484886)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484886/; classtype:trojan-activity;sid:84347986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484887)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484887/; classtype:trojan-activity;sid:84347987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484869)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484869/; classtype:trojan-activity;sid:84347969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484870)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484870/; classtype:trojan-activity;sid:84347970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484871)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484871/; classtype:trojan-activity;sid:84347971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484872)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484872/; classtype:trojan-activity;sid:84347972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484873)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484873/; classtype:trojan-activity;sid:84347973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484874)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484874/; classtype:trojan-activity;sid:84347974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484875)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484875/; classtype:trojan-activity;sid:84347975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484876)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484876/; classtype:trojan-activity;sid:84347976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484877)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484877/; classtype:trojan-activity;sid:84347977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484878)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484878/; classtype:trojan-activity;sid:84347978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484879)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.192.48.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484879/; classtype:trojan-activity;sid:84347979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.215.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484867/; classtype:trojan-activity;sid:84347967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.72.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484868/; classtype:trojan-activity;sid:84347968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.150.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484865/; classtype:trojan-activity;sid:84347965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484866/; classtype:trojan-activity;sid:84347966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.43.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484864/; classtype:trojan-activity;sid:84347964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484863/; classtype:trojan-activity;sid:84347963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.177.33.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484862/; classtype:trojan-activity;sid:84347962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484859)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484859/; classtype:trojan-activity;sid:84347959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484860)"; flow:established,from_client; content:"GET"; http_method; content:"/infect_all.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484860/; classtype:trojan-activity;sid:84347960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484861)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484861/; classtype:trojan-activity;sid:84347961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484847)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484847/; classtype:trojan-activity;sid:84347947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484848)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484848/; classtype:trojan-activity;sid:84347948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484849)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484849/; classtype:trojan-activity;sid:84347949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484850)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484850/; classtype:trojan-activity;sid:84347950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484851)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484851/; classtype:trojan-activity;sid:84347951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484852)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484852/; classtype:trojan-activity;sid:84347952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484853)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484853/; classtype:trojan-activity;sid:84347953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484854)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484854/; classtype:trojan-activity;sid:84347954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484855)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484855/; classtype:trojan-activity;sid:84347955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484856)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484856/; classtype:trojan-activity;sid:84347956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484857)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484857/; classtype:trojan-activity;sid:84347957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484858)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"a.czarnuch.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484858/; classtype:trojan-activity;sid:84347958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484846/; classtype:trojan-activity;sid:84347946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484845)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484845/; classtype:trojan-activity;sid:84347945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484843)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484843/; classtype:trojan-activity;sid:84347943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484844)"; flow:established,from_client; content:"GET"; http_method; content:"/infect_all.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484844/; classtype:trojan-activity;sid:84347944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484830)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484830/; classtype:trojan-activity;sid:84347930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484831)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484831/; classtype:trojan-activity;sid:84347931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484832)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484832/; classtype:trojan-activity;sid:84347932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484833)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484833/; classtype:trojan-activity;sid:84347933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484834)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484834/; classtype:trojan-activity;sid:84347934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484835)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484835/; classtype:trojan-activity;sid:84347935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484836)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484836/; classtype:trojan-activity;sid:84347936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484837)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484837/; classtype:trojan-activity;sid:84347937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484838)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484838/; classtype:trojan-activity;sid:84347938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484839)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484839/; classtype:trojan-activity;sid:84347939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484840)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/main_ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484840/; classtype:trojan-activity;sid:84347940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484841/; classtype:trojan-activity;sid:84347941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484842)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.38.137.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484842/; classtype:trojan-activity;sid:84347942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.111.198.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484829/; classtype:trojan-activity;sid:84347929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.121.94.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484828/; classtype:trojan-activity;sid:84347928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.43.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484827/; classtype:trojan-activity;sid:84347927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.204.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484824/; classtype:trojan-activity;sid:84347924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.9.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484825/; classtype:trojan-activity;sid:84347925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.198.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484826/; classtype:trojan-activity;sid:84347926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484823/; classtype:trojan-activity;sid:84347923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.215.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484822/; classtype:trojan-activity;sid:84347922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.177.33.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484821/; classtype:trojan-activity;sid:84347921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.13.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484820/; classtype:trojan-activity;sid:84347920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.105.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484819/; classtype:trojan-activity;sid:84347919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484818/; classtype:trojan-activity;sid:84347918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484817/; classtype:trojan-activity;sid:84347917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.173.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484816/; classtype:trojan-activity;sid:84347916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484815)"; flow:established,from_client; content:"GET"; http_method; content:"/h0075m6rhk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484815/; classtype:trojan-activity;sid:84347915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484813/; classtype:trojan-activity;sid:84347913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.156.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484814/; classtype:trojan-activity;sid:84347914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.218.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484812/; classtype:trojan-activity;sid:84347912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.204.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484811/; classtype:trojan-activity;sid:84347911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484810)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484810/; classtype:trojan-activity;sid:84347910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484787)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484787/; classtype:trojan-activity;sid:84347887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484788)"; flow:established,from_client; content:"GET"; http_method; content:"/test.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484788/; classtype:trojan-activity;sid:84347888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484789)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484789/; classtype:trojan-activity;sid:84347889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484790)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484790/; classtype:trojan-activity;sid:84347890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484791)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484791/; classtype:trojan-activity;sid:84347891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484792)"; flow:established,from_client; content:"GET"; http_method; content:"/mag"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484792/; classtype:trojan-activity;sid:84347892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484793)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484793/; classtype:trojan-activity;sid:84347893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484794)"; flow:established,from_client; content:"GET"; http_method; content:"/multi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484794/; classtype:trojan-activity;sid:84347894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484795)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484795/; classtype:trojan-activity;sid:84347895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484796)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484796/; classtype:trojan-activity;sid:84347896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484797)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484797/; classtype:trojan-activity;sid:84347897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484798)"; flow:established,from_client; content:"GET"; http_method; content:"/mass.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484798/; classtype:trojan-activity;sid:84347898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484799)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484799/; classtype:trojan-activity;sid:84347899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484800)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484800/; classtype:trojan-activity;sid:84347900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484801)"; flow:established,from_client; content:"GET"; http_method; content:"/ruck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484801/; classtype:trojan-activity;sid:84347901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484802)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484802/; classtype:trojan-activity;sid:84347902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484803)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484803/; classtype:trojan-activity;sid:84347903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484804)"; flow:established,from_client; content:"GET"; http_method; content:"/vc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484804/; classtype:trojan-activity;sid:84347904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484805)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484805/; classtype:trojan-activity;sid:84347905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484806)"; flow:established,from_client; content:"GET"; http_method; content:"/f5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484806/; classtype:trojan-activity;sid:84347906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484807)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484807/; classtype:trojan-activity;sid:84347907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484808)"; flow:established,from_client; content:"GET"; http_method; content:"/fb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484808/; classtype:trojan-activity;sid:84347908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484809/; classtype:trojan-activity;sid:84347909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484770)"; flow:established,from_client; content:"GET"; http_method; content:"/zz"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484770/; classtype:trojan-activity;sid:84347870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484771)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484771/; classtype:trojan-activity;sid:84347871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484772)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484772/; classtype:trojan-activity;sid:84347872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484773)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484773/; classtype:trojan-activity;sid:84347873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484774)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484774/; classtype:trojan-activity;sid:84347874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484775)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484775/; classtype:trojan-activity;sid:84347875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484776)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484776/; classtype:trojan-activity;sid:84347876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484777)"; flow:established,from_client; content:"GET"; http_method; content:"/xaxa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484777/; classtype:trojan-activity;sid:84347877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484778)"; flow:established,from_client; content:"GET"; http_method; content:"/r.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484778/; classtype:trojan-activity;sid:84347878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484779)"; flow:established,from_client; content:"GET"; http_method; content:"/sdt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484779/; classtype:trojan-activity;sid:84347879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484780)"; flow:established,from_client; content:"GET"; http_method; content:"/asd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484780/; classtype:trojan-activity;sid:84347880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484781)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484781/; classtype:trojan-activity;sid:84347881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484782)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484782/; classtype:trojan-activity;sid:84347882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484783)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484783/; classtype:trojan-activity;sid:84347883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484784)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484784/; classtype:trojan-activity;sid:84347884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484785)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484785/; classtype:trojan-activity;sid:84347885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484786)"; flow:established,from_client; content:"GET"; http_method; content:"/fdgsfg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484786/; classtype:trojan-activity;sid:84347886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.13.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484769/; classtype:trojan-activity;sid:84347869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.215.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484768/; classtype:trojan-activity;sid:84347868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.173.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484767/; classtype:trojan-activity;sid:84347867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484766/; classtype:trojan-activity;sid:84347866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484765/; classtype:trojan-activity;sid:84347865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484764)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484764/; classtype:trojan-activity;sid:84347864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.172.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484762/; classtype:trojan-activity;sid:84347862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484763/; classtype:trojan-activity;sid:84347863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484760)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484760/; classtype:trojan-activity;sid:84347860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484761)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484761/; classtype:trojan-activity;sid:84347861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484757)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484757/; classtype:trojan-activity;sid:84347857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484758)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484758/; classtype:trojan-activity;sid:84347858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484759)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484759/; classtype:trojan-activity;sid:84347859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484756)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.253.230.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484756/; classtype:trojan-activity;sid:84347856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.0.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484755/; classtype:trojan-activity;sid:84347855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.59.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484754/; classtype:trojan-activity;sid:84347854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.234.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484753/; classtype:trojan-activity;sid:84347853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.81.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484752/; classtype:trojan-activity;sid:84347852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484751/; classtype:trojan-activity;sid:84347851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.172.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484750/; classtype:trojan-activity;sid:84347850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.197.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484748/; classtype:trojan-activity;sid:84347848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484749/; classtype:trojan-activity;sid:84347849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.250.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484747/; classtype:trojan-activity;sid:84347847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.81.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484746/; classtype:trojan-activity;sid:84347846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484745)"; flow:established,from_client; content:"GET"; http_method; content:"/3lxylsz3xr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484745/; classtype:trojan-activity;sid:84347845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484744/; classtype:trojan-activity;sid:84347844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.60.54.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484743/; classtype:trojan-activity;sid:84347843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.232.19.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484742/; classtype:trojan-activity;sid:84347842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.0.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484741/; classtype:trojan-activity;sid:84347841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.234.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484740/; classtype:trojan-activity;sid:84347840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.135.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484739/; classtype:trojan-activity;sid:84347839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484738/; classtype:trojan-activity;sid:84347838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484737/; classtype:trojan-activity;sid:84347837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484736/; classtype:trojan-activity;sid:84347836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.153.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484735/; classtype:trojan-activity;sid:84347835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484734/; classtype:trojan-activity;sid:84347834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.95.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484733/; classtype:trojan-activity;sid:84347833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.172.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484732/; classtype:trojan-activity;sid:84347832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.61.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484731/; classtype:trojan-activity;sid:84347831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.131.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484730/; classtype:trojan-activity;sid:84347830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.46.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484729/; classtype:trojan-activity;sid:84347829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.153.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484728/; classtype:trojan-activity;sid:84347828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484727/; classtype:trojan-activity;sid:84347827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.117.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484726/; classtype:trojan-activity;sid:84347826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.15.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484725/; classtype:trojan-activity;sid:84347825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.165.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484724/; classtype:trojan-activity;sid:84347824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.64.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484723/; classtype:trojan-activity;sid:84347823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.172.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484722/; classtype:trojan-activity;sid:84347822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484721/; classtype:trojan-activity;sid:84347821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.33.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484720/; classtype:trojan-activity;sid:84347820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484719/; classtype:trojan-activity;sid:84347819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484718/; classtype:trojan-activity;sid:84347818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.95.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484717/; classtype:trojan-activity;sid:84347817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.61.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484716/; classtype:trojan-activity;sid:84347816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484715/; classtype:trojan-activity;sid:84347815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484714/; classtype:trojan-activity;sid:84347814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.197.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484713/; classtype:trojan-activity;sid:84347813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484712/; classtype:trojan-activity;sid:84347812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484711)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.oibupi.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484711/; classtype:trojan-activity;sid:84347811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.117.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484710/; classtype:trojan-activity;sid:84347810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.199.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484709/; classtype:trojan-activity;sid:84347809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.230.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484708/; classtype:trojan-activity;sid:84347808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484707)"; flow:established,from_client; content:"GET"; http_method; content:"/q3q194mc8y.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484707/; classtype:trojan-activity;sid:84347807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.165.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484706/; classtype:trojan-activity;sid:84347806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.198.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484705/; classtype:trojan-activity;sid:84347805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.37.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484704/; classtype:trojan-activity;sid:84347804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.65.33.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484702/; classtype:trojan-activity;sid:84347802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.56.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484703/; classtype:trojan-activity;sid:84347803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.102.186.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484701/; classtype:trojan-activity;sid:84347801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484700/; classtype:trojan-activity;sid:84347800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.15.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484699/; classtype:trojan-activity;sid:84347799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.50.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484698/; classtype:trojan-activity;sid:84347798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.179.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484697/; classtype:trojan-activity;sid:84347797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.199.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484696/; classtype:trojan-activity;sid:84347796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484694/; classtype:trojan-activity;sid:84347794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.107.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484695/; classtype:trojan-activity;sid:84347795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484693/; classtype:trojan-activity;sid:84347793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.104.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484692/; classtype:trojan-activity;sid:84347792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.213.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484691/; classtype:trojan-activity;sid:84347791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.56.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484690/; classtype:trojan-activity;sid:84347790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.191.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484689/; classtype:trojan-activity;sid:84347789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.102.186.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484688/; classtype:trojan-activity;sid:84347788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.166.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484687/; classtype:trojan-activity;sid:84347787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484686/; classtype:trojan-activity;sid:84347786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.16.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484685/; classtype:trojan-activity;sid:84347785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.206.161.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484684/; classtype:trojan-activity;sid:84347784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.142.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484683/; classtype:trojan-activity;sid:84347783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484682)"; flow:established,from_client; content:"GET"; http_method; content:"/pd/tcsla.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"courtyardhealthcare.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484682/; classtype:trojan-activity;sid:84347782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484681/; classtype:trojan-activity;sid:84347781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.68.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484680/; classtype:trojan-activity;sid:84347780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.213.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484679/; classtype:trojan-activity;sid:84347779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484678/; classtype:trojan-activity;sid:84347778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.142.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484677/; classtype:trojan-activity;sid:84347777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484676)"; flow:established,from_client; content:"GET"; http_method; content:"/feb/xpmg.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"courtyardhealthcare.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484676/; classtype:trojan-activity;sid:84347776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484675)"; flow:established,from_client; content:"GET"; http_method; content:"/march/edgeviewwebs.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"courtyardhealthcare.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484675/; classtype:trojan-activity;sid:84347775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484674)"; flow:established,from_client; content:"GET"; http_method; content:"/march/xpmg%20%281%29.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"courtyardhealthcare.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484674/; classtype:trojan-activity;sid:84347774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484673/; classtype:trojan-activity;sid:84347773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.192.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484672/; classtype:trojan-activity;sid:84347772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.13.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484671/; classtype:trojan-activity;sid:84347771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.74.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484670/; classtype:trojan-activity;sid:84347770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484669)"; flow:established,from_client; content:"GET"; http_method; content:"/6bgykx5brj.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484669/; classtype:trojan-activity;sid:84347769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.37.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484668/; classtype:trojan-activity;sid:84347768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.206.161.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484667/; classtype:trojan-activity;sid:84347767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.226.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484665/; classtype:trojan-activity;sid:84347765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.44.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484666/; classtype:trojan-activity;sid:84347766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484664/; classtype:trojan-activity;sid:84347764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.166.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484663/; classtype:trojan-activity;sid:84347763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484662/; classtype:trojan-activity;sid:84347762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484661/; classtype:trojan-activity;sid:84347761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.74.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484660/; classtype:trojan-activity;sid:84347760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484659/; classtype:trojan-activity;sid:84347759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.75.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484657/; classtype:trojan-activity;sid:84347757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.37.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484658/; classtype:trojan-activity;sid:84347758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.58.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484656/; classtype:trojan-activity;sid:84347756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484655/; classtype:trojan-activity;sid:84347755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.226.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484654/; classtype:trojan-activity;sid:84347754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484653/; classtype:trojan-activity;sid:84347753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484652/; classtype:trojan-activity;sid:84347752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484651/; classtype:trojan-activity;sid:84347751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.84.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484650/; classtype:trojan-activity;sid:84347750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484649)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.aytuna.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484649/; classtype:trojan-activity;sid:84347749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484648/; classtype:trojan-activity;sid:84347748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.177.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484647/; classtype:trojan-activity;sid:84347747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.75.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484646/; classtype:trojan-activity;sid:84347746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.44.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484645/; classtype:trojan-activity;sid:84347745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.211.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484644/; classtype:trojan-activity;sid:84347744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484643/; classtype:trojan-activity;sid:84347743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.49.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484642/; classtype:trojan-activity;sid:84347742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.44.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484641/; classtype:trojan-activity;sid:84347741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.142.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484640/; classtype:trojan-activity;sid:84347740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.84.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484639/; classtype:trojan-activity;sid:84347739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.37.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484638/; classtype:trojan-activity;sid:84347738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484637/; classtype:trojan-activity;sid:84347737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.225.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484636/; classtype:trojan-activity;sid:84347736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.177.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484635/; classtype:trojan-activity;sid:84347735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.239.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484634/; classtype:trojan-activity;sid:84347734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"plphelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484628/; classtype:trojan-activity;sid:84347728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.wkhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484629/; classtype:trojan-activity;sid:84347729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.onhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484630/; classtype:trojan-activity;sid:84347730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"nphelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484631/; classtype:trojan-activity;sid:84347731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.anphelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484632/; classtype:trojan-activity;sid:84347732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"xqwa87.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484633/; classtype:trojan-activity;sid:84347733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.mcohelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484626/; classtype:trojan-activity;sid:84347726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.klhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484627/; classtype:trojan-activity;sid:84347727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"zx4qtc.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484618/; classtype:trojan-activity;sid:84347718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.ivhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484619/; classtype:trojan-activity;sid:84347719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"fter-po5.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484620/; classtype:trojan-activity;sid:84347720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.wjhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484621/; classtype:trojan-activity;sid:84347721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.fiqhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484622/; classtype:trojan-activity;sid:84347722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.eqhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484623/; classtype:trojan-activity;sid:84347723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.ivhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484624/; classtype:trojan-activity;sid:84347724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.xshelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484625/; classtype:trojan-activity;sid:84347725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"pnbf-gv.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484596/; classtype:trojan-activity;sid:84347696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"mr27aupan.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484597/; classtype:trojan-activity;sid:84347697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.bchelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484598/; classtype:trojan-activity;sid:84347698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.qlhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484599/; classtype:trojan-activity;sid:84347699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.uxhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484600/; classtype:trojan-activity;sid:84347700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"mghelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484601/; classtype:trojan-activity;sid:84347701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gomolatori.cyou"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484602/; classtype:trojan-activity;sid:84347702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"u9b.top"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484603/; classtype:trojan-activity;sid:84347703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"mr26panel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484604/; classtype:trojan-activity;sid:84347704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.axhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484605/; classtype:trojan-activity;sid:84347705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gcxew-33w.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484606/; classtype:trojan-activity;sid:84347706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gbnace7.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484607/; classtype:trojan-activity;sid:84347707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"pothelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484608/; classtype:trojan-activity;sid:84347708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.livhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484609/; classtype:trojan-activity;sid:84347709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.kbhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484610/; classtype:trojan-activity;sid:84347710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.aehelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484611/; classtype:trojan-activity;sid:84347711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.lwhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484612/; classtype:trojan-activity;sid:84347712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.ozhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484613/; classtype:trojan-activity;sid:84347713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"axhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484614/; classtype:trojan-activity;sid:84347714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"aehelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484615/; classtype:trojan-activity;sid:84347715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"xkhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484616/; classtype:trojan-activity;sid:84347716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"novpanel.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484617/; classtype:trojan-activity;sid:84347717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wothelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484589/; classtype:trojan-activity;sid:84347689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"azmn-pp4.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484590/; classtype:trojan-activity;sid:84347690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"screenconnect.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484591/; classtype:trojan-activity;sid:84347691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bzsew-4ew.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484592/; classtype:trojan-activity;sid:84347692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"molatoriline.cyou"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484593/; classtype:trojan-activity;sid:84347693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"support.ssagovsecure.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484594/; classtype:trojan-activity;sid:84347694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.eahelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484595/; classtype:trojan-activity;sid:84347695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.pnbhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484588/; classtype:trojan-activity;sid:84347688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wjhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484587/; classtype:trojan-activity;sid:84347687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"cxhelp.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484582/; classtype:trojan-activity;sid:84347682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"ubftr3.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484583/; classtype:trojan-activity;sid:84347683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"nohelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484584/; classtype:trojan-activity;sid:84347684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"nxsw-tq2.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484585/; classtype:trojan-activity;sid:84347685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"mxews5.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484586/; classtype:trojan-activity;sid:84347686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gzeed-33w.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484581/; classtype:trojan-activity;sid:84347681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"screenconnect.cloud"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484580/; classtype:trojan-activity;sid:84347680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"ytfpyehpyt.me"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484579/; classtype:trojan-activity;sid:84347679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxscorpio.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484558/; classtype:trojan-activity;sid:84347658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"tgphelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484559/; classtype:trojan-activity;sid:84347659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.nmphelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484560/; classtype:trojan-activity;sid:84347660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxfortitech.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484561/; classtype:trojan-activity;sid:84347661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"uhmd-rw2.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484562/; classtype:trojan-activity;sid:84347662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.crjhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484563/; classtype:trojan-activity;sid:84347663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.tishelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484564/; classtype:trojan-activity;sid:84347664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxsafenova.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484565/; classtype:trojan-activity;sid:84347665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"edpcare.help"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484566/; classtype:trojan-activity;sid:84347666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.uhhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484567/; classtype:trojan-activity;sid:84347667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.biyhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484568/; classtype:trojan-activity;sid:84347668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"oxtt-76r.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484569/; classtype:trojan-activity;sid:84347669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxleo.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484570/; classtype:trojan-activity;sid:84347670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"rmkaio1.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484571/; classtype:trojan-activity;sid:84347671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"secure8v67ea.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484572/; classtype:trojan-activity;sid:84347672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxshieldpro.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484573/; classtype:trojan-activity;sid:84347673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"xohelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484574/; classtype:trojan-activity;sid:84347674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bfjduf2.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484575/; classtype:trojan-activity;sid:84347675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"accesspoint.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484576/; classtype:trojan-activity;sid:84347676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"jdsfrw-11.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484577/; classtype:trojan-activity;sid:84347677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxironguard.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484578/; classtype:trojan-activity;sid:84347678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"rw-uis.screensconnectpro.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484554/; classtype:trojan-activity;sid:84347654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"mabsa13.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484555/; classtype:trojan-activity;sid:84347655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.rwhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484556/; classtype:trojan-activity;sid:84347656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.249.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484557/; classtype:trojan-activity;sid:84347657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"ndxs439.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484553/; classtype:trojan-activity;sid:84347653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.mzihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484547/; classtype:trojan-activity;sid:84347647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxaquarius.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484548/; classtype:trojan-activity;sid:84347648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.cbihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484549/; classtype:trojan-activity;sid:84347649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.xohelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484550/; classtype:trojan-activity;sid:84347650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxcyberapex.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484551/; classtype:trojan-activity;sid:84347651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"vbcre-76y.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484552/; classtype:trojan-activity;sid:84347652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484546)"; flow:established,from_client; content:"GET"; http_method; content:"/creation_made_by_grokai.mp4%20%20%20openai.com"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"innaflux.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484546/; classtype:trojan-activity;sid:84347646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.prghelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484542/; classtype:trojan-activity;sid:84347642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"prghelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484543/; classtype:trojan-activity;sid:84347643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web3.rwbhelp.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484544/; classtype:trojan-activity;sid:84347644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wk3699log.iethelp.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484545/; classtype:trojan-activity;sid:84347645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.cjxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484538/; classtype:trojan-activity;sid:84347638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"systemsupport.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484539/; classtype:trojan-activity;sid:84347639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.qghelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484540/; classtype:trojan-activity;sid:84347640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"nonopanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484541/; classtype:trojan-activity;sid:84347641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.hehelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484536/; classtype:trojan-activity;sid:84347636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"upphelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484537/; classtype:trojan-activity;sid:84347637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.mabhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484519/; classtype:trojan-activity;sid:84347619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxvirgo.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484520/; classtype:trojan-activity;sid:84347620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.wyzhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484521/; classtype:trojan-activity;sid:84347621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"molatorier.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484522/; classtype:trojan-activity;sid:84347622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.mhehelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484523/; classtype:trojan-activity;sid:84347623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.helpx4.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484524/; classtype:trojan-activity;sid:84347624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.opnhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484525/; classtype:trojan-activity;sid:84347625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxstealthnet.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484526/; classtype:trojan-activity;sid:84347626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.help3x.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484527/; classtype:trojan-activity;sid:84347627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.juhelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484528/; classtype:trojan-activity;sid:84347628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxfortiguard.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484529/; classtype:trojan-activity;sid:84347629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.bzghelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484530/; classtype:trojan-activity;sid:84347630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"gajrokerby.cyou"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484531/; classtype:trojan-activity;sid:84347631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"exsa-45we.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484532/; classtype:trojan-activity;sid:84347632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.bzghelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484533/; classtype:trojan-activity;sid:84347633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"jnhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484534/; classtype:trojan-activity;sid:84347634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxsupportx.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484535/; classtype:trojan-activity;sid:84347635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.kbhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484499/; classtype:trojan-activity;sid:84347599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wyzhelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484500/; classtype:trojan-activity;sid:84347600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxtrustedge.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484501/; classtype:trojan-activity;sid:84347601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.svhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484502/; classtype:trojan-activity;sid:84347602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"upohelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484503/; classtype:trojan-activity;sid:84347603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"vjpanplus.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484504/; classtype:trojan-activity;sid:84347604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"zrwss-p9.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484505/; classtype:trojan-activity;sid:84347605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"work.tdhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484506/; classtype:trojan-activity;sid:84347606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"agd-yrr1.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484507/; classtype:trojan-activity;sid:84347607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxvigilantx.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484508/; classtype:trojan-activity;sid:84347608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"acc.vnfhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484509/; classtype:trojan-activity;sid:84347609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wb3699log.bvwhelp.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484510/; classtype:trojan-activity;sid:84347610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.gahelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484511/; classtype:trojan-activity;sid:84347611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.bqxhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484512/; classtype:trojan-activity;sid:84347612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"qied-54w.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484513/; classtype:trojan-activity;sid:84347613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wnhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484514/; classtype:trojan-activity;sid:84347614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxcybernetic.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484515/; classtype:trojan-activity;sid:84347615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"orhelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484516/; classtype:trojan-activity;sid:84347616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.eqhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484517/; classtype:trojan-activity;sid:84347617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxlockforge.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484518/; classtype:trojan-activity;sid:84347618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.lnhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484496/; classtype:trojan-activity;sid:84347596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"hehelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484497/; classtype:trojan-activity;sid:84347597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"nwpihelp.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484498/; classtype:trojan-activity;sid:84347598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"m.pnbhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484495/; classtype:trojan-activity;sid:84347595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"ocrcare.help"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484494/; classtype:trojan-activity;sid:84347594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"wplhelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484492/; classtype:trojan-activity;sid:84347592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.knhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484487/; classtype:trojan-activity;sid:84347587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"www.jmhelp.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484488/; classtype:trojan-activity;sid:84347588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"web.bqxhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484489/; classtype:trojan-activity;sid:84347589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"onyxsafetrack.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484490/; classtype:trojan-activity;sid:84347590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f||3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:81; isdataat:!1,relative; nocase; content:"egmn-4ew.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484491/; classtype:trojan-activity;sid:84347591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484486)"; flow:established,from_client; content:"GET"; http_method; content:"/9002.conf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mostere.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484486/; classtype:trojan-activity;sid:84347586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484479)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484479/; classtype:trojan-activity;sid:84347579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484480)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484480/; classtype:trojan-activity;sid:84347580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484481)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484481/; classtype:trojan-activity;sid:84347581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484482)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v2.0/program.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484482/; classtype:trojan-activity;sid:84347582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484483)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484483/; classtype:trojan-activity;sid:84347583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484484)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484484/; classtype:trojan-activity;sid:84347584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484485)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484485/; classtype:trojan-activity;sid:84347585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484472)"; flow:established,from_client; content:"GET"; http_method; content:"/rn098/figma-free-crack/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484472/; classtype:trojan-activity;sid:84347572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484473)"; flow:established,from_client; content:"GET"; http_method; content:"/itopdatarecovery.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"conecwinlab.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484473/; classtype:trojan-activity;sid:84347573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484474)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484474/; classtype:trojan-activity;sid:84347574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484475)"; flow:established,from_client; content:"GET"; http_method; content:"/homesing.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"conecwinlab.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484475/; classtype:trojan-activity;sid:84347575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484476)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484476/; classtype:trojan-activity;sid:84347576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484477)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lovnebkl0qhielxy6ksxrusz8jrpmppt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484477/; classtype:trojan-activity;sid:84347577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484478)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484478/; classtype:trojan-activity;sid:84347578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484467)"; flow:established,from_client; content:"GET"; http_method; content:"/heartwfed/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484467/; classtype:trojan-activity;sid:84347567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484468)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484468/; classtype:trojan-activity;sid:84347568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484469)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v2.0/release_x64.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484469/; classtype:trojan-activity;sid:84347569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484470)"; flow:established,from_client; content:"GET"; http_method; content:"/d3m0nvr/electron-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484470/; classtype:trojan-activity;sid:84347570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484471)"; flow:established,from_client; content:"GET"; http_method; content:"/ayamato0/arceus-executor/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484471/; classtype:trojan-activity;sid:84347571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484466)"; flow:established,from_client; content:"GET"; http_method; content:"/timy2007/trigon-evo/releases/download/v3.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484466/; classtype:trojan-activity;sid:84347566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.211.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484462/; classtype:trojan-activity;sid:84347562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484463)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/gets.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"masgrave.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484463/; classtype:trojan-activity;sid:84347563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484461)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowlord11/arceus-executor/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484461/; classtype:trojan-activity;sid:84347561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484460)"; flow:established,from_client; content:"GET"; http_method; content:"/edwartan/blox-fruits-script-roblox/releases/download/subahdar/blox-fruits-script-roblox-subahdar.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484460/; classtype:trojan-activity;sid:84347560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484459)"; flow:established,from_client; content:"GET"; http_method; content:"/112/niceg/verynicegoodfriendswithgreatnessgivenmebestthings_____verynicegoodfriendswithgreatnessgivenmebestthings____verynicegoodfriendswithgreatnessgivenmebestthings.doc"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"109.172.87.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484459/; classtype:trojan-activity;sid:84347559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484457)"; flow:established,from_client; content:"GET"; http_method; content:"/9001.conf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"huanyu3333.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484457/; classtype:trojan-activity;sid:84347557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484458)"; flow:established,from_client; content:"GET"; http_method; content:"/d/iiddyu8m/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484458/; classtype:trojan-activity;sid:84347558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484455)"; flow:established,from_client; content:"GET"; http_method; content:"/112/verynicegoodfriendswithgreatnessgivenmebestthings.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"109.172.87.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484455/; classtype:trojan-activity;sid:84347555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484454)"; flow:established,from_client; content:"GET"; http_method; content:"/pzznj8yb09.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484454/; classtype:trojan-activity;sid:84347554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484453/; classtype:trojan-activity;sid:84347553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.12.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484452/; classtype:trojan-activity;sid:84347552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.104.180.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484451/; classtype:trojan-activity;sid:84347551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.225.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484450/; classtype:trojan-activity;sid:84347550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.179.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484449/; classtype:trojan-activity;sid:84347549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.154.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484448/; classtype:trojan-activity;sid:84347548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484447/; classtype:trojan-activity;sid:84347547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.163.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484446/; classtype:trojan-activity;sid:84347546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484445/; classtype:trojan-activity;sid:84347545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.44.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484444/; classtype:trojan-activity;sid:84347544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484443/; classtype:trojan-activity;sid:84347543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.239.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484442/; classtype:trojan-activity;sid:84347542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484441/; classtype:trojan-activity;sid:84347541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484440/; classtype:trojan-activity;sid:84347540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.65.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484439/; classtype:trojan-activity;sid:84347539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.104.180.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484438/; classtype:trojan-activity;sid:84347538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.28.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484437/; classtype:trojan-activity;sid:84347537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.170.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484436/; classtype:trojan-activity;sid:84347536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.196.78.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484435/; classtype:trojan-activity;sid:84347535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.240.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484434/; classtype:trojan-activity;sid:84347534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.230.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484433/; classtype:trojan-activity;sid:84347533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.132.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484432/; classtype:trojan-activity;sid:84347532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.234.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484431/; classtype:trojan-activity;sid:84347531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.46.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484429/; classtype:trojan-activity;sid:84347529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.128.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484430/; classtype:trojan-activity;sid:84347530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484427/; classtype:trojan-activity;sid:84347527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484428/; classtype:trojan-activity;sid:84347528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.63.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484426/; classtype:trojan-activity;sid:84347526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.219.241.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484425/; classtype:trojan-activity;sid:84347525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484424/; classtype:trojan-activity;sid:84347524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484423/; classtype:trojan-activity;sid:84347523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484422/; classtype:trojan-activity;sid:84347522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.92.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484421/; classtype:trojan-activity;sid:84347521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484420/; classtype:trojan-activity;sid:84347520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484419/; classtype:trojan-activity;sid:84347519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484418/; classtype:trojan-activity;sid:84347518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484417/; classtype:trojan-activity;sid:84347517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484416)"; flow:established,from_client; content:"GET"; http_method; content:"/7npfk4jooo.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484416/; classtype:trojan-activity;sid:84347516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.219.241.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484415/; classtype:trojan-activity;sid:84347515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.222.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484414/; classtype:trojan-activity;sid:84347514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.240.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484413/; classtype:trojan-activity;sid:84347513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.219.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484411/; classtype:trojan-activity;sid:84347511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.16.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484412/; classtype:trojan-activity;sid:84347512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.41.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484410/; classtype:trojan-activity;sid:84347510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484409/; classtype:trojan-activity;sid:84347509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.230.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484408/; classtype:trojan-activity;sid:84347508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.188.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484407/; classtype:trojan-activity;sid:84347507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.28.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484406/; classtype:trojan-activity;sid:84347506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.36.107.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484405/; classtype:trojan-activity;sid:84347505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.65.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484404/; classtype:trojan-activity;sid:84347504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.62.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484403/; classtype:trojan-activity;sid:84347503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.222.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484402/; classtype:trojan-activity;sid:84347502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.196.78.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484401/; classtype:trojan-activity;sid:84347501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484400/; classtype:trojan-activity;sid:84347500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.111.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484399/; classtype:trojan-activity;sid:84347499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.16.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484398/; classtype:trojan-activity;sid:84347498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.41.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484397/; classtype:trojan-activity;sid:84347497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.48.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484396/; classtype:trojan-activity;sid:84347496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.192.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484395/; classtype:trojan-activity;sid:84347495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.107.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484394/; classtype:trojan-activity;sid:84347494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.109.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484393/; classtype:trojan-activity;sid:84347493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484392/; classtype:trojan-activity;sid:84347492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.219.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484391/; classtype:trojan-activity;sid:84347491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.73.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484389/; classtype:trojan-activity;sid:84347489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484390)"; flow:established,from_client; content:"GET"; http_method; content:"/2i7pv1xg7h.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484390/; classtype:trojan-activity;sid:84347490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.62.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484388/; classtype:trojan-activity;sid:84347488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.79.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484387/; classtype:trojan-activity;sid:84347487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.30.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484386/; classtype:trojan-activity;sid:84347486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.48.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484384/; classtype:trojan-activity;sid:84347484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484385/; classtype:trojan-activity;sid:84347485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484383/; classtype:trojan-activity;sid:84347483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484382/; classtype:trojan-activity;sid:84347482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.156.6.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484381/; classtype:trojan-activity;sid:84347481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.186.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484380/; classtype:trojan-activity;sid:84347480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.67.62.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484379/; classtype:trojan-activity;sid:84347479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.96.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484378/; classtype:trojan-activity;sid:84347478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.165.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484377/; classtype:trojan-activity;sid:84347477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484376/; classtype:trojan-activity;sid:84347476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484375/; classtype:trojan-activity;sid:84347475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.165.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484374/; classtype:trojan-activity;sid:84347474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.54.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484372/; classtype:trojan-activity;sid:84347472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.107.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484373/; classtype:trojan-activity;sid:84347473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.155.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484371/; classtype:trojan-activity;sid:84347471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.79.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484370/; classtype:trojan-activity;sid:84347470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.255.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484369/; classtype:trojan-activity;sid:84347469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.251.20.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484368/; classtype:trojan-activity;sid:84347468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484367/; classtype:trojan-activity;sid:84347467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484366/; classtype:trojan-activity;sid:84347466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.107.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484365/; classtype:trojan-activity;sid:84347465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.113.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484364/; classtype:trojan-activity;sid:84347464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484363/; classtype:trojan-activity;sid:84347463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.165.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484362/; classtype:trojan-activity;sid:84347462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.66.4.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484361/; classtype:trojan-activity;sid:84347461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484360)"; flow:established,from_client; content:"GET"; http_method; content:"/v19d3frguk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484360/; classtype:trojan-activity;sid:84347460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.196.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484359/; classtype:trojan-activity;sid:84347459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.54.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484358/; classtype:trojan-activity;sid:84347458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.103.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484357/; classtype:trojan-activity;sid:84347457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.255.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484356/; classtype:trojan-activity;sid:84347456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.150.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484355/; classtype:trojan-activity;sid:84347455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.233.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484354/; classtype:trojan-activity;sid:84347454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484353/; classtype:trojan-activity;sid:84347453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.197.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484352/; classtype:trojan-activity;sid:84347452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.113.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484351/; classtype:trojan-activity;sid:84347451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484350/; classtype:trojan-activity;sid:84347450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.127.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484349/; classtype:trojan-activity;sid:84347449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.66.4.198"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484348/; classtype:trojan-activity;sid:84347448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484347/; classtype:trojan-activity;sid:84347447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.68.56.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484346/; classtype:trojan-activity;sid:84347446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.5.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484345/; classtype:trojan-activity;sid:84347445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.150.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484344/; classtype:trojan-activity;sid:84347444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.103.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484343/; classtype:trojan-activity;sid:84347443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484342/; classtype:trojan-activity;sid:84347442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.197.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484341/; classtype:trojan-activity;sid:84347441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.73.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484340/; classtype:trojan-activity;sid:84347440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484339/; classtype:trojan-activity;sid:84347439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484338/; classtype:trojan-activity;sid:84347438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.251.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484337/; classtype:trojan-activity;sid:84347437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.238.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484336/; classtype:trojan-activity;sid:84347436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484335/; classtype:trojan-activity;sid:84347435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484332/; classtype:trojan-activity;sid:84347432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.159.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484333/; classtype:trojan-activity;sid:84347433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.122.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484334/; classtype:trojan-activity;sid:84347434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484329/; classtype:trojan-activity;sid:84347429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.205.70.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484330/; classtype:trojan-activity;sid:84347430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.102.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484331/; classtype:trojan-activity;sid:84347431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.146.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484327/; classtype:trojan-activity;sid:84347427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.56.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484328/; classtype:trojan-activity;sid:84347428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.121.78.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484326/; classtype:trojan-activity;sid:84347426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484325/; classtype:trojan-activity;sid:84347425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484324/; classtype:trojan-activity;sid:84347424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484323/; classtype:trojan-activity;sid:84347423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484322)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"153.35.159.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484322/; classtype:trojan-activity;sid:84347422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484320/; classtype:trojan-activity;sid:84347420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.25.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484321/; classtype:trojan-activity;sid:84347421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.234.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484319/; classtype:trojan-activity;sid:84347419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.139.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484318/; classtype:trojan-activity;sid:84347418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.129.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484317/; classtype:trojan-activity;sid:84347417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.173.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484316/; classtype:trojan-activity;sid:84347416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484315/; classtype:trojan-activity;sid:84347415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.99.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484314/; classtype:trojan-activity;sid:84347414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484313)"; flow:established,from_client; content:"GET"; http_method; content:"/y3aeyayyrx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484313/; classtype:trojan-activity;sid:84347413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484312/; classtype:trojan-activity;sid:84347412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.139.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484311/; classtype:trojan-activity;sid:84347411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484310/; classtype:trojan-activity;sid:84347410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.211.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484309/; classtype:trojan-activity;sid:84347409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484308/; classtype:trojan-activity;sid:84347408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.249.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484307/; classtype:trojan-activity;sid:84347407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.31.101"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484306/; classtype:trojan-activity;sid:84347406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.73.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484305/; classtype:trojan-activity;sid:84347405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.128.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484304/; classtype:trojan-activity;sid:84347404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.99.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484303/; classtype:trojan-activity;sid:84347403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.155.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484302/; classtype:trojan-activity;sid:84347402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.56.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484301/; classtype:trojan-activity;sid:84347401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484300/; classtype:trojan-activity;sid:84347400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484299/; classtype:trojan-activity;sid:84347399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.47.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484298/; classtype:trojan-activity;sid:84347398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484297/; classtype:trojan-activity;sid:84347397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.186.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484296/; classtype:trojan-activity;sid:84347396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.79.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484295/; classtype:trojan-activity;sid:84347395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484294)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.135.45.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484294/; classtype:trojan-activity;sid:84347394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.128.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484293/; classtype:trojan-activity;sid:84347393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.172.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484292/; classtype:trojan-activity;sid:84347392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484291/; classtype:trojan-activity;sid:84347391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.22.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484290/; classtype:trojan-activity;sid:84347390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484289/; classtype:trojan-activity;sid:84347389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484288/; classtype:trojan-activity;sid:84347388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.188.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484287/; classtype:trojan-activity;sid:84347387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484286)"; flow:established,from_client; content:"GET"; http_method; content:"/a0107tk8av.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484286/; classtype:trojan-activity;sid:84347386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.56.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484285/; classtype:trojan-activity;sid:84347385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484284/; classtype:trojan-activity;sid:84347384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.211.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484283/; classtype:trojan-activity;sid:84347383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.152.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484282/; classtype:trojan-activity;sid:84347382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.175.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484281/; classtype:trojan-activity;sid:84347381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484280/; classtype:trojan-activity;sid:84347380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.22.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484279/; classtype:trojan-activity;sid:84347379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.228.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484278/; classtype:trojan-activity;sid:84347378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.170.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484277/; classtype:trojan-activity;sid:84347377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.61.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484276/; classtype:trojan-activity;sid:84347376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.54.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484275/; classtype:trojan-activity;sid:84347375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.188.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484274/; classtype:trojan-activity;sid:84347374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.175.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484273/; classtype:trojan-activity;sid:84347373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.49.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484271/; classtype:trojan-activity;sid:84347371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.6.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484272/; classtype:trojan-activity;sid:84347372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.210.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484270/; classtype:trojan-activity;sid:84347370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.152.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484269/; classtype:trojan-activity;sid:84347369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.223.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484268/; classtype:trojan-activity;sid:84347368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.181.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484267/; classtype:trojan-activity;sid:84347367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.141.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484266/; classtype:trojan-activity;sid:84347366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.170.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484265/; classtype:trojan-activity;sid:84347365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.49.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484264/; classtype:trojan-activity;sid:84347364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.241.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484263/; classtype:trojan-activity;sid:84347363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484262)"; flow:established,from_client; content:"GET"; http_method; content:"/tq12jow0pu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484262/; classtype:trojan-activity;sid:84347362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.239.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484261/; classtype:trojan-activity;sid:84347361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484260/; classtype:trojan-activity;sid:84347360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.223.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484259/; classtype:trojan-activity;sid:84347359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.97.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484258/; classtype:trojan-activity;sid:84347358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.194.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484256/; classtype:trojan-activity;sid:84347356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.192.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484257/; classtype:trojan-activity;sid:84347357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.147.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484255/; classtype:trojan-activity;sid:84347355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484254/; classtype:trojan-activity;sid:84347354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.209.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484253/; classtype:trojan-activity;sid:84347353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484252/; classtype:trojan-activity;sid:84347352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.97.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484251/; classtype:trojan-activity;sid:84347351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484250/; classtype:trojan-activity;sid:84347350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484247/; classtype:trojan-activity;sid:84347347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484248/; classtype:trojan-activity;sid:84347348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.147.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484249/; classtype:trojan-activity;sid:84347349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484246/; classtype:trojan-activity;sid:84347346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.65.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484245/; classtype:trojan-activity;sid:84347345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.230.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484244/; classtype:trojan-activity;sid:84347344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.89.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484243/; classtype:trojan-activity;sid:84347343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484242/; classtype:trojan-activity;sid:84347342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484241/; classtype:trojan-activity;sid:84347341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.5.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484239/; classtype:trojan-activity;sid:84347339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484240/; classtype:trojan-activity;sid:84347340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.173.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484238/; classtype:trojan-activity;sid:84347338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.203.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484237/; classtype:trojan-activity;sid:84347337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.204.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484235/; classtype:trojan-activity;sid:84347335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484236/; classtype:trojan-activity;sid:84347336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.26.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484234/; classtype:trojan-activity;sid:84347334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.20.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484232/; classtype:trojan-activity;sid:84347332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484233/; classtype:trojan-activity;sid:84347333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.255.15.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484231/; classtype:trojan-activity;sid:84347331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.121.94.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484230/; classtype:trojan-activity;sid:84347330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.209.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484229/; classtype:trojan-activity;sid:84347329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.239.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484228/; classtype:trojan-activity;sid:84347328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484227/; classtype:trojan-activity;sid:84347327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484226)"; flow:established,from_client; content:"GET"; http_method; content:"/llioeabhqk.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484226/; classtype:trojan-activity;sid:84347326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484225/; classtype:trojan-activity;sid:84347325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.77.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484224/; classtype:trojan-activity;sid:84347324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484223/; classtype:trojan-activity;sid:84347323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.181.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484222/; classtype:trojan-activity;sid:84347322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484220/; classtype:trojan-activity;sid:84347320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484221/; classtype:trojan-activity;sid:84347321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.157.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484219/; classtype:trojan-activity;sid:84347319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.8.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484218/; classtype:trojan-activity;sid:84347318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.78.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484217/; classtype:trojan-activity;sid:84347317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.3.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484216/; classtype:trojan-activity;sid:84347316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484215/; classtype:trojan-activity;sid:84347315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.121.94.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484214/; classtype:trojan-activity;sid:84347314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.53.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484213/; classtype:trojan-activity;sid:84347313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.225.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484212/; classtype:trojan-activity;sid:84347312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.69.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484211/; classtype:trojan-activity;sid:84347311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.8.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484210/; classtype:trojan-activity;sid:84347310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.124.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484209/; classtype:trojan-activity;sid:84347309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.181.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484208/; classtype:trojan-activity;sid:84347308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484207/; classtype:trojan-activity;sid:84347307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.155.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484206/; classtype:trojan-activity;sid:84347306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.69.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484205/; classtype:trojan-activity;sid:84347305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.53.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484204/; classtype:trojan-activity;sid:84347304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.71.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484203/; classtype:trojan-activity;sid:84347303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.78.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484202/; classtype:trojan-activity;sid:84347302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.124.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484201/; classtype:trojan-activity;sid:84347301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.9.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484200/; classtype:trojan-activity;sid:84347300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.127.225.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484199/; classtype:trojan-activity;sid:84347299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.155.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484198/; classtype:trojan-activity;sid:84347298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.162.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484197/; classtype:trojan-activity;sid:84347297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.14.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484196/; classtype:trojan-activity;sid:84347296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484195/; classtype:trojan-activity;sid:84347295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.232.5.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484194/; classtype:trojan-activity;sid:84347294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.134.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484193/; classtype:trojan-activity;sid:84347293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484192)"; flow:established,from_client; content:"GET"; http_method; content:"/8j17l55hha.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484192/; classtype:trojan-activity;sid:84347292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.49.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484191/; classtype:trojan-activity;sid:84347291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484190)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484190/; classtype:trojan-activity;sid:84347290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.129.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484189/; classtype:trojan-activity;sid:84347289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484187)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484187/; classtype:trojan-activity;sid:84347287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484188)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484188/; classtype:trojan-activity;sid:84347288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484185)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484185/; classtype:trojan-activity;sid:84347285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484186)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484186/; classtype:trojan-activity;sid:84347286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.82.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484184/; classtype:trojan-activity;sid:84347284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484183)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484183/; classtype:trojan-activity;sid:84347283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484182)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484182/; classtype:trojan-activity;sid:84347282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.71.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484180/; classtype:trojan-activity;sid:84347280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.160.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484181/; classtype:trojan-activity;sid:84347281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484179)"; flow:established,from_client; content:"GET"; http_method; content:"/nimips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.87.43.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484179/; classtype:trojan-activity;sid:84347279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.129.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484178/; classtype:trojan-activity;sid:84347278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.14.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484177/; classtype:trojan-activity;sid:84347277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.77.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484176/; classtype:trojan-activity;sid:84347276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.134.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484175/; classtype:trojan-activity;sid:84347275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.42.45.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484174/; classtype:trojan-activity;sid:84347274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.9.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484173/; classtype:trojan-activity;sid:84347273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.37.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484172/; classtype:trojan-activity;sid:84347272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484171/; classtype:trojan-activity;sid:84347271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.9.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484170/; classtype:trojan-activity;sid:84347270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.49.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484169/; classtype:trojan-activity;sid:84347269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.37.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484168/; classtype:trojan-activity;sid:84347268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.129.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484167/; classtype:trojan-activity;sid:84347267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.133.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484166/; classtype:trojan-activity;sid:84347266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.131.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484165/; classtype:trojan-activity;sid:84347265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.117.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484164/; classtype:trojan-activity;sid:84347264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484163/; classtype:trojan-activity;sid:84347263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.245.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484162/; classtype:trojan-activity;sid:84347262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484160/; classtype:trojan-activity;sid:84347260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.208.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484161/; classtype:trojan-activity;sid:84347261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.169.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484159/; classtype:trojan-activity;sid:84347259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484158)"; flow:established,from_client; content:"GET"; http_method; content:"/mj2qqkj1zm.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484158/; classtype:trojan-activity;sid:84347258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.117.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484157/; classtype:trojan-activity;sid:84347257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.208.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484156/; classtype:trojan-activity;sid:84347256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484155/; classtype:trojan-activity;sid:84347255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484154/; classtype:trojan-activity;sid:84347254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.98.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484153/; classtype:trojan-activity;sid:84347253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.9.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484152/; classtype:trojan-activity;sid:84347252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.150.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484151/; classtype:trojan-activity;sid:84347251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.2.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484150/; classtype:trojan-activity;sid:84347250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.10.37.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484149/; classtype:trojan-activity;sid:84347249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.169.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484148/; classtype:trojan-activity;sid:84347248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484147/; classtype:trojan-activity;sid:84347247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.111.98.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484146/; classtype:trojan-activity;sid:84347246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.9.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484145/; classtype:trojan-activity;sid:84347245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.10.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484144/; classtype:trojan-activity;sid:84347244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.77.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484143/; classtype:trojan-activity;sid:84347243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484142/; classtype:trojan-activity;sid:84347242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484141/; classtype:trojan-activity;sid:84347241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.235.35.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484140/; classtype:trojan-activity;sid:84347240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.28.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484139/; classtype:trojan-activity;sid:84347239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.166.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484138/; classtype:trojan-activity;sid:84347238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484137/; classtype:trojan-activity;sid:84347237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.88.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484136/; classtype:trojan-activity;sid:84347236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.172.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484135/; classtype:trojan-activity;sid:84347235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.153.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484134/; classtype:trojan-activity;sid:84347234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484133)"; flow:established,from_client; content:"GET"; http_method; content:"/rat3jmz3xr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484133/; classtype:trojan-activity;sid:84347233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484132/; classtype:trojan-activity;sid:84347232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.124.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484131/; classtype:trojan-activity;sid:84347231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.0.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484130/; classtype:trojan-activity;sid:84347230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.88.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484129/; classtype:trojan-activity;sid:84347229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.172.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484128/; classtype:trojan-activity;sid:84347228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484127/; classtype:trojan-activity;sid:84347227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.240.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484125/; classtype:trojan-activity;sid:84347225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.32.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484126/; classtype:trojan-activity;sid:84347226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.87.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484124/; classtype:trojan-activity;sid:84347224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.153.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484123/; classtype:trojan-activity;sid:84347223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.0.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484122/; classtype:trojan-activity;sid:84347222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.118.124.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484121/; classtype:trojan-activity;sid:84347221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484120/; classtype:trojan-activity;sid:84347220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484119/; classtype:trojan-activity;sid:84347219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.168.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484118/; classtype:trojan-activity;sid:84347218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.77.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484117/; classtype:trojan-activity;sid:84347217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.194.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484116/; classtype:trojan-activity;sid:84347216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.245.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484115/; classtype:trojan-activity;sid:84347215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.31.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484114/; classtype:trojan-activity;sid:84347214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.22.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484113/; classtype:trojan-activity;sid:84347213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.84.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484112/; classtype:trojan-activity;sid:84347212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484111)"; flow:established,from_client; content:"GET"; http_method; content:"/2yu20bur0i.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484111/; classtype:trojan-activity;sid:84347211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.90.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484110/; classtype:trojan-activity;sid:84347210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.131.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484109/; classtype:trojan-activity;sid:84347209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.88.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484108/; classtype:trojan-activity;sid:84347208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.84.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484106/; classtype:trojan-activity;sid:84347206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484107/; classtype:trojan-activity;sid:84347207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.186.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484105/; classtype:trojan-activity;sid:84347205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.129.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484104/; classtype:trojan-activity;sid:84347204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.68.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484103/; classtype:trojan-activity;sid:84347203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.22.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484102/; classtype:trojan-activity;sid:84347202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.186.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484101/; classtype:trojan-activity;sid:84347201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.244.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484100/; classtype:trojan-activity;sid:84347200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.78.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484099/; classtype:trojan-activity;sid:84347199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.60.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484098/; classtype:trojan-activity;sid:84347198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.37.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484097/; classtype:trojan-activity;sid:84347197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.131.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484096/; classtype:trojan-activity;sid:84347196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.89.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484094/; classtype:trojan-activity;sid:84347194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484095/; classtype:trojan-activity;sid:84347195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484093/; classtype:trojan-activity;sid:84347193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484092/; classtype:trojan-activity;sid:84347192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.230.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484091/; classtype:trojan-activity;sid:84347191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.171.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484090/; classtype:trojan-activity;sid:84347190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.129.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484089/; classtype:trojan-activity;sid:84347189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.90.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484087/; classtype:trojan-activity;sid:84347187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.244.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484088/; classtype:trojan-activity;sid:84347188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.233.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484086/; classtype:trojan-activity;sid:84347186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484085)"; flow:established,from_client; content:"GET"; http_method; content:"/v4u5cb705p.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484085/; classtype:trojan-activity;sid:84347185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.78.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484084/; classtype:trojan-activity;sid:84347184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.89.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484083/; classtype:trojan-activity;sid:84347183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.222.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484082/; classtype:trojan-activity;sid:84347182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.60.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484081/; classtype:trojan-activity;sid:84347181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.163.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484080/; classtype:trojan-activity;sid:84347180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.177.200.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484079/; classtype:trojan-activity;sid:84347179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.183.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484078/; classtype:trojan-activity;sid:84347178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484077/; classtype:trojan-activity;sid:84347177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.240.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484076/; classtype:trojan-activity;sid:84347176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484075/; classtype:trojan-activity;sid:84347175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484074/; classtype:trojan-activity;sid:84347174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.187.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484073/; classtype:trojan-activity;sid:84347173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.172.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484072/; classtype:trojan-activity;sid:84347172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.165.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484071/; classtype:trojan-activity;sid:84347171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484070/; classtype:trojan-activity;sid:84347170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.161.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484069/; classtype:trojan-activity;sid:84347169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.155.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484068/; classtype:trojan-activity;sid:84347168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.0.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484067/; classtype:trojan-activity;sid:84347167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.226.197.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484066/; classtype:trojan-activity;sid:84347166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484065/; classtype:trojan-activity;sid:84347165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.240.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484064/; classtype:trojan-activity;sid:84347164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484063/; classtype:trojan-activity;sid:84347163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.187.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484062/; classtype:trojan-activity;sid:84347162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.165.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484060/; classtype:trojan-activity;sid:84347160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484061)"; flow:established,from_client; content:"GET"; http_method; content:"/g5vup1ut4x.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484061/; classtype:trojan-activity;sid:84347161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.63.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484059/; classtype:trojan-activity;sid:84347159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.20.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484058/; classtype:trojan-activity;sid:84347158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.172.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484057/; classtype:trojan-activity;sid:84347157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.27.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484056/; classtype:trojan-activity;sid:84347156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484055/; classtype:trojan-activity;sid:84347155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.63.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484054/; classtype:trojan-activity;sid:84347154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.163.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484053/; classtype:trojan-activity;sid:84347153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.75.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484052/; classtype:trojan-activity;sid:84347152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.20.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484051/; classtype:trojan-activity;sid:84347151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484050/; classtype:trojan-activity;sid:84347150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.27.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484049/; classtype:trojan-activity;sid:84347149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484048/; classtype:trojan-activity;sid:84347148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.75.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484047/; classtype:trojan-activity;sid:84347147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.176.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484046/; classtype:trojan-activity;sid:84347146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.86.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484045/; classtype:trojan-activity;sid:84347145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.153.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484044/; classtype:trojan-activity;sid:84347144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.163.57.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484042/; classtype:trojan-activity;sid:84347142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484043)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.uhaa4.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484043/; classtype:trojan-activity;sid:84347143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484041)"; flow:established,from_client; content:"GET"; http_method; content:"/pmjz7hjs9n.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484041/; classtype:trojan-activity;sid:84347141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.153.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484039/; classtype:trojan-activity;sid:84347139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.106.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484040/; classtype:trojan-activity;sid:84347140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.55.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484038/; classtype:trojan-activity;sid:84347138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.2.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484037/; classtype:trojan-activity;sid:84347137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.217.4.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484036/; classtype:trojan-activity;sid:84347136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484034/; classtype:trojan-activity;sid:84347134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.174.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484035/; classtype:trojan-activity;sid:84347135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.69.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484033/; classtype:trojan-activity;sid:84347133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.153.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484032/; classtype:trojan-activity;sid:84347132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484031/; classtype:trojan-activity;sid:84347131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.64.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484030/; classtype:trojan-activity;sid:84347130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484029/; classtype:trojan-activity;sid:84347129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.105.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484028/; classtype:trojan-activity;sid:84347128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.217.4.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484027/; classtype:trojan-activity;sid:84347127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.134.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484026/; classtype:trojan-activity;sid:84347126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484025/; classtype:trojan-activity;sid:84347125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484023/; classtype:trojan-activity;sid:84347123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.174.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484024/; classtype:trojan-activity;sid:84347124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484021/; classtype:trojan-activity;sid:84347121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.13.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484022/; classtype:trojan-activity;sid:84347122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.85.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484020/; classtype:trojan-activity;sid:84347120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.3.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484019/; classtype:trojan-activity;sid:84347119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484017/; classtype:trojan-activity;sid:84347117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.208.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484018/; classtype:trojan-activity;sid:84347118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.171.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484016/; classtype:trojan-activity;sid:84347116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.4.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484015/; classtype:trojan-activity;sid:84347115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484014)"; flow:established,from_client; content:"GET"; http_method; content:"/fpnie345wm.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484014/; classtype:trojan-activity;sid:84347114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.134.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484013/; classtype:trojan-activity;sid:84347113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484012/; classtype:trojan-activity;sid:84347112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.2.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484011/; classtype:trojan-activity;sid:84347111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.221.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484010/; classtype:trojan-activity;sid:84347110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.203.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484009/; classtype:trojan-activity;sid:84347109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.20.82"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484008/; classtype:trojan-activity;sid:84347108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483993)"; flow:established,from_client; content:"GET"; http_method; content:"/kiru1374/roblox-synapse/releases/download/v3.1.0/roblox.synapse.v3.1.0.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483993/; classtype:trojan-activity;sid:84347093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483994)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483994/; classtype:trojan-activity;sid:84347094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483996)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483996/; classtype:trojan-activity;sid:84347096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483997)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483997/; classtype:trojan-activity;sid:84347097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483998)"; flow:established,from_client; content:"GET"; http_method; content:"/killa-dotcom/roblox/releases/download/v2.7.9/roblox_v2.7.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483998/; classtype:trojan-activity;sid:84347098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483999)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v3.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483999/; classtype:trojan-activity;sid:84347099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484000)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484000/; classtype:trojan-activity;sid:84347100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484001)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484001/; classtype:trojan-activity;sid:84347101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484002)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484002/; classtype:trojan-activity;sid:84347102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484003)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484003/; classtype:trojan-activity;sid:84347103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484004)"; flow:established,from_client; content:"GET"; http_method; content:"/hoang24092003/arceus-executor/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484004/; classtype:trojan-activity;sid:84347104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484005)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484005/; classtype:trojan-activity;sid:84347105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484006)"; flow:established,from_client; content:"GET"; http_method; content:"/siwon1011/evon-executor/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484006/; classtype:trojan-activity;sid:84347106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484007)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3484007/; classtype:trojan-activity;sid:84347107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483988)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483988/; classtype:trojan-activity;sid:84347088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483989)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483989/; classtype:trojan-activity;sid:84347089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483990)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483990/; classtype:trojan-activity;sid:84347090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483991)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483991/; classtype:trojan-activity;sid:84347091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483992)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483992/; classtype:trojan-activity;sid:84347092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483987)"; flow:established,from_client; content:"GET"; http_method; content:"/00146664032q/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483987/; classtype:trojan-activity;sid:84347087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483985)"; flow:established,from_client; content:"GET"; http_method; content:"/amr414/roblox-celery/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483985/; classtype:trojan-activity;sid:84347085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483986)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483986/; classtype:trojan-activity;sid:84347086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483983)"; flow:established,from_client; content:"GET"; http_method; content:"/hteregr/roblox-krampus/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483983/; classtype:trojan-activity;sid:84347083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483981)"; flow:established,from_client; content:"GET"; http_method; content:"/r3dtop/chaos-executor/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483981/; classtype:trojan-activity;sid:84347081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483982)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinytx/roblox-nihon/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483982/; classtype:trojan-activity;sid:84347082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483978)"; flow:established,from_client; content:"GET"; http_method; content:"/loolsfrkg/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483978/; classtype:trojan-activity;sid:84347078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483977/; classtype:trojan-activity;sid:84347077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.76.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483976/; classtype:trojan-activity;sid:84347076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.10.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483975/; classtype:trojan-activity;sid:84347075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483974/; classtype:trojan-activity;sid:84347074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.153.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483973/; classtype:trojan-activity;sid:84347073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.101.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483972/; classtype:trojan-activity;sid:84347072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483971/; classtype:trojan-activity;sid:84347071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483970/; classtype:trojan-activity;sid:84347070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.29.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483969/; classtype:trojan-activity;sid:84347069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.221.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483968/; classtype:trojan-activity;sid:84347068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483967/; classtype:trojan-activity;sid:84347067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483966/; classtype:trojan-activity;sid:84347066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.5.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483963/; classtype:trojan-activity;sid:84347063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.140.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483964/; classtype:trojan-activity;sid:84347064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.210.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483965/; classtype:trojan-activity;sid:84347065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483961/; classtype:trojan-activity;sid:84347061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483962/; classtype:trojan-activity;sid:84347062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.98.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483960/; classtype:trojan-activity;sid:84347060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483959/; classtype:trojan-activity;sid:84347059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483958/; classtype:trojan-activity;sid:84347058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.251.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483957/; classtype:trojan-activity;sid:84347057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483956/; classtype:trojan-activity;sid:84347056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.243.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483955/; classtype:trojan-activity;sid:84347055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483954/; classtype:trojan-activity;sid:84347054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483953/; classtype:trojan-activity;sid:84347053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.76.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483952/; classtype:trojan-activity;sid:84347052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.225.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483951/; classtype:trojan-activity;sid:84347051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483950/; classtype:trojan-activity;sid:84347050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483947)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483947/; classtype:trojan-activity;sid:84347047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483941)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483941/; classtype:trojan-activity;sid:84347041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483942)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483942/; classtype:trojan-activity;sid:84347042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483943)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483943/; classtype:trojan-activity;sid:84347043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483944)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483944/; classtype:trojan-activity;sid:84347044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483945)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483945/; classtype:trojan-activity;sid:84347045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483939)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483939/; classtype:trojan-activity;sid:84347039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483923)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483923/; classtype:trojan-activity;sid:84347023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483924)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483924/; classtype:trojan-activity;sid:84347024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483925)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483925/; classtype:trojan-activity;sid:84347025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483926)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483926/; classtype:trojan-activity;sid:84347026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483927)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483927/; classtype:trojan-activity;sid:84347027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483928)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483928/; classtype:trojan-activity;sid:84347028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483929)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483929/; classtype:trojan-activity;sid:84347029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483930)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483930/; classtype:trojan-activity;sid:84347030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483931)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483931/; classtype:trojan-activity;sid:84347031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483932)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483932/; classtype:trojan-activity;sid:84347032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483933)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483933/; classtype:trojan-activity;sid:84347033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483934)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483934/; classtype:trojan-activity;sid:84347034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483935)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483935/; classtype:trojan-activity;sid:84347035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483936)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483936/; classtype:trojan-activity;sid:84347036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483937)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bot.gribostress.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483937/; classtype:trojan-activity;sid:84347037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.168.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483921/; classtype:trojan-activity;sid:84347021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483919)"; flow:established,from_client; content:"GET"; http_method; content:"/6a0a70iaxv.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483919/; classtype:trojan-activity;sid:84347019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.127.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483913/; classtype:trojan-activity;sid:84347013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483912/; classtype:trojan-activity;sid:84347012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.29.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483911/; classtype:trojan-activity;sid:84347011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483910/; classtype:trojan-activity;sid:84347010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.225.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483909/; classtype:trojan-activity;sid:84347009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483908)"; flow:established,from_client; content:"GET"; http_method; content:"/112/vfc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483908/; classtype:trojan-activity;sid:84347008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483907)"; flow:established,from_client; content:"GET"; http_method; content:"/kids/tyrosines.lzh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"aghayezayeat.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483907/; classtype:trojan-activity;sid:84347007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.168.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483906/; classtype:trojan-activity;sid:84347006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483905)"; flow:established,from_client; content:"GET"; http_method; content:"/74/nices.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483905/; classtype:trojan-activity;sid:84347005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483902/; classtype:trojan-activity;sid:84347002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.47.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483903/; classtype:trojan-activity;sid:84347003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483904/; classtype:trojan-activity;sid:84347004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483901/; classtype:trojan-activity;sid:84347001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483900/; classtype:trojan-activity;sid:84347000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483897)"; flow:established,from_client; content:"GET"; http_method; content:"/file/flgaca4y"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483897/; classtype:trojan-activity;sid:84346997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483898)"; flow:established,from_client; content:"GET"; http_method; content:"/taoduefilm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"t.ly"; http_host; depth:4; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483898/; classtype:trojan-activity;sid:84346998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483899)"; flow:established,from_client; content:"GET"; http_method; content:"/6f9e0d2f-e7db-4dcf-999c-dcbb8f4a16c2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483899/; classtype:trojan-activity;sid:84346999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483896/; classtype:trojan-activity;sid:84346996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.89.27.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483895/; classtype:trojan-activity;sid:84346995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483894/; classtype:trojan-activity;sid:84346994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.240.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483893/; classtype:trojan-activity;sid:84346993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.43.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483892/; classtype:trojan-activity;sid:84346992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.251.20.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483890/; classtype:trojan-activity;sid:84346990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.118.12.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483891/; classtype:trojan-activity;sid:84346991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483889/; classtype:trojan-activity;sid:84346989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483888/; classtype:trojan-activity;sid:84346988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.236.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483886/; classtype:trojan-activity;sid:84346986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.101.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483887/; classtype:trojan-activity;sid:84346987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.216.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483885/; classtype:trojan-activity;sid:84346985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.89.27.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483884/; classtype:trojan-activity;sid:84346984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.160.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483883/; classtype:trojan-activity;sid:84346983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.55.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483882/; classtype:trojan-activity;sid:84346982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483881/; classtype:trojan-activity;sid:84346981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483880)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmm2.com/visualimporter(32)communitysetup.msi"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"89.23.107.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483880/; classtype:trojan-activity;sid:84346980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.43.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483879/; classtype:trojan-activity;sid:84346979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483878)"; flow:established,from_client; content:"GET"; http_method; content:"/v1vf4j2xe6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483878/; classtype:trojan-activity;sid:84346978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483877/; classtype:trojan-activity;sid:84346977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483876/; classtype:trojan-activity;sid:84346976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483875/; classtype:trojan-activity;sid:84346975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483874/; classtype:trojan-activity;sid:84346974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483868/; classtype:trojan-activity;sid:84346968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483869/; classtype:trojan-activity;sid:84346969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483870/; classtype:trojan-activity;sid:84346970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483871/; classtype:trojan-activity;sid:84346971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483872/; classtype:trojan-activity;sid:84346972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483873/; classtype:trojan-activity;sid:84346973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483866/; classtype:trojan-activity;sid:84346966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483867/; classtype:trojan-activity;sid:84346967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483863/; classtype:trojan-activity;sid:84346963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483864/; classtype:trojan-activity;sid:84346964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483865/; classtype:trojan-activity;sid:84346965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483862/; classtype:trojan-activity;sid:84346962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.230.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483859/; classtype:trojan-activity;sid:84346959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483860)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483860/; classtype:trojan-activity;sid:84346960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483861/; classtype:trojan-activity;sid:84346961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483854/; classtype:trojan-activity;sid:84346954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483855/; classtype:trojan-activity;sid:84346955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483856/; classtype:trojan-activity;sid:84346956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483857/; classtype:trojan-activity;sid:84346957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.253.227.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483858/; classtype:trojan-activity;sid:84346958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.137.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483852/; classtype:trojan-activity;sid:84346952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.168.190.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483853/; classtype:trojan-activity;sid:84346953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483851/; classtype:trojan-activity;sid:84346951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.170.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483850/; classtype:trojan-activity;sid:84346950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483849/; classtype:trojan-activity;sid:84346949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.195.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483848/; classtype:trojan-activity;sid:84346948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483846)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483846/; classtype:trojan-activity;sid:84346946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483847)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483847/; classtype:trojan-activity;sid:84346947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483844/; classtype:trojan-activity;sid:84346944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.231.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483845/; classtype:trojan-activity;sid:84346945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.175.82.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483843/; classtype:trojan-activity;sid:84346943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.168.190.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483842/; classtype:trojan-activity;sid:84346942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483838)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483838/; classtype:trojan-activity;sid:84346938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483839)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483839/; classtype:trojan-activity;sid:84346939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483840)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483840/; classtype:trojan-activity;sid:84346940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483841)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483841/; classtype:trojan-activity;sid:84346941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.15.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483837/; classtype:trojan-activity;sid:84346937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483828)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483828/; classtype:trojan-activity;sid:84346928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483829)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483829/; classtype:trojan-activity;sid:84346929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483830)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483830/; classtype:trojan-activity;sid:84346930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483831)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483831/; classtype:trojan-activity;sid:84346931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483832)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483832/; classtype:trojan-activity;sid:84346932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483833)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483833/; classtype:trojan-activity;sid:84346933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483834)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483834/; classtype:trojan-activity;sid:84346934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483835)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483835/; classtype:trojan-activity;sid:84346935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483836)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.156.84.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483836/; classtype:trojan-activity;sid:84346936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483826)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/naam/verygoodattitudewithgreatness.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483826/; classtype:trojan-activity;sid:84346926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483827)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/swety/sheisverybeautifulgirlwithnicelipsandallgreat.hta"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"104.168.7.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483827/; classtype:trojan-activity;sid:84346927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.195.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483825/; classtype:trojan-activity;sid:84346925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483822)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/vncc/bestexperienceigotfromtheworldfromthegood.hta"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483822/; classtype:trojan-activity;sid:84346922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483823)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/milkmist/milk/milkmaidproductsareveryniceforentiretimetogivemebest.hta"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"144.91.127.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483823/; classtype:trojan-activity;sid:84346923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483824)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/vncc/vnc/bestexperienceigotfromtheworldfromthegood.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483824/; classtype:trojan-activity;sid:84346924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.151.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483821/; classtype:trojan-activity;sid:84346921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483820/; classtype:trojan-activity;sid:84346920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483819)"; flow:established,from_client; content:"GET"; http_method; content:"/weeeeeconstraints.vbs"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.3.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483819/; classtype:trojan-activity;sid:84346919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483818)"; flow:established,from_client; content:"GET"; http_method; content:"/konlother2.1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"blackjag.s3.eu-north-1.amazonaws.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483818/; classtype:trojan-activity;sid:84346918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483817)"; flow:established,from_client; content:"GET"; http_method; content:"/givingbestthingsalwaysfor.hta"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"192.3.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483817/; classtype:trojan-activity;sid:84346917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.31.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483816/; classtype:trojan-activity;sid:84346916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483815/; classtype:trojan-activity;sid:84346915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.137.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483814/; classtype:trojan-activity;sid:84346914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483813/; classtype:trojan-activity;sid:84346913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.53.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483812/; classtype:trojan-activity;sid:84346912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.60.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483811/; classtype:trojan-activity;sid:84346911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483809)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kbze/sweetgoodlifestartedwithsweetness.gif"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"198.12.81.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483809/; classtype:trojan-activity;sid:84346909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483810)"; flow:established,from_client; content:"GET"; http_method; content:"/242/svch.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483810/; classtype:trojan-activity;sid:84346910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483808/; classtype:trojan-activity;sid:84346908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.158.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483807/; classtype:trojan-activity;sid:84346907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.151.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483806/; classtype:trojan-activity;sid:84346906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.97.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483805/; classtype:trojan-activity;sid:84346905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.104.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483804/; classtype:trojan-activity;sid:84346904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483803)"; flow:established,from_client; content:"GET"; http_method; content:"/vmllvr8tx3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483803/; classtype:trojan-activity;sid:84346903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483802/; classtype:trojan-activity;sid:84346902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483801/; classtype:trojan-activity;sid:84346901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483800)"; flow:established,from_client; content:"GET"; http_method; content:"/32wq2q.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"saftyplace.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483800/; classtype:trojan-activity;sid:84346900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483799)"; flow:established,from_client; content:"GET"; http_method; content:"/aav/compited.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"courtyardhealthcare.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483799/; classtype:trojan-activity;sid:84346899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483798)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmf.com/captcha1"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"62.60.234.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483798/; classtype:trojan-activity;sid:84346898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.234.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483797/; classtype:trojan-activity;sid:84346897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.150.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483795/; classtype:trojan-activity;sid:84346895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.49.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483796/; classtype:trojan-activity;sid:84346896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483794/; classtype:trojan-activity;sid:84346894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483793/; classtype:trojan-activity;sid:84346893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483791)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"google.meet-join.us"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483791/; classtype:trojan-activity;sid:84346891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483792)"; flow:established,from_client; content:"GET"; http_method; content:"/update.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"google.meet-join.us"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483792/; classtype:trojan-activity;sid:84346892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483790)"; flow:established,from_client; content:"GET"; http_method; content:"/fakeurl.htm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.149.146.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483790/; classtype:trojan-activity;sid:84346890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.152.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483789/; classtype:trojan-activity;sid:84346889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.246.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483788/; classtype:trojan-activity;sid:84346888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.153.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483787/; classtype:trojan-activity;sid:84346887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.60.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483786/; classtype:trojan-activity;sid:84346886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.43.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483785/; classtype:trojan-activity;sid:84346885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.5.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483784/; classtype:trojan-activity;sid:84346884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.32.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483783/; classtype:trojan-activity;sid:84346883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.80.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483782/; classtype:trojan-activity;sid:84346882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483781/; classtype:trojan-activity;sid:84346881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483780/; classtype:trojan-activity;sid:84346880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483779/; classtype:trojan-activity;sid:84346879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.134.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483778/; classtype:trojan-activity;sid:84346878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.87.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483777/; classtype:trojan-activity;sid:84346877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483776/; classtype:trojan-activity;sid:84346876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.67.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483775/; classtype:trojan-activity;sid:84346875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.152.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483774/; classtype:trojan-activity;sid:84346874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483773)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.253.227.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483773/; classtype:trojan-activity;sid:84346873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483772)"; flow:established,from_client; content:"GET"; http_method; content:"/uhbkgp1wg2.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483772/; classtype:trojan-activity;sid:84346872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483771/; classtype:trojan-activity;sid:84346871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483769/; classtype:trojan-activity;sid:84346869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.215.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483770/; classtype:trojan-activity;sid:84346870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483768/; classtype:trojan-activity;sid:84346868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.104.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483767/; classtype:trojan-activity;sid:84346867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.10.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483766/; classtype:trojan-activity;sid:84346866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483765)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.81.179.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483765/; classtype:trojan-activity;sid:84346865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.32.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483764/; classtype:trojan-activity;sid:84346864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483762)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"chvk-redan999.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483762/; classtype:trojan-activity;sid:84346862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483763)"; flow:established,from_client; content:"GET"; http_method; content:"/lgfj37bigyp9jmtc.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"chvk-redan999.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483763/; classtype:trojan-activity;sid:84346863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483761)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"rewiesgueste.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483761/; classtype:trojan-activity;sid:84346861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483759)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booking.rewiesgueste.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483759/; classtype:trojan-activity;sid:84346859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483760)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.rewiesgueste.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483760/; classtype:trojan-activity;sid:84346860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.80.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483758/; classtype:trojan-activity;sid:84346858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.155.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483757/; classtype:trojan-activity;sid:84346857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.67.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483756/; classtype:trojan-activity;sid:84346856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.31.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483752/; classtype:trojan-activity;sid:84346852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483753)"; flow:established,from_client; content:"GET"; http_method; content:"/ded/aeajvtqxqseno237.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483753/; classtype:trojan-activity;sid:84346853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483754)"; flow:established,from_client; content:"GET"; http_method; content:"/ded/fxlkpdcyz85.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483754/; classtype:trojan-activity;sid:84346854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483755)"; flow:established,from_client; content:"GET"; http_method; content:"/ded/umdhdg.vdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483755/; classtype:trojan-activity;sid:84346855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.104.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483751/; classtype:trojan-activity;sid:84346851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.215.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483750/; classtype:trojan-activity;sid:84346850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.226.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483749/; classtype:trojan-activity;sid:84346849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483748/; classtype:trojan-activity;sid:84346848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483747)"; flow:established,from_client; content:"GET"; http_method; content:"/ded/tyinzttgemghxmi207.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.223.3.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483747/; classtype:trojan-activity;sid:84346847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483738)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483738/; classtype:trojan-activity;sid:84346838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483739)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483739/; classtype:trojan-activity;sid:84346839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483740)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483740/; classtype:trojan-activity;sid:84346840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483741)"; flow:established,from_client; content:"GET"; http_method; content:"/zeroday"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483741/; classtype:trojan-activity;sid:84346841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483742)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483742/; classtype:trojan-activity;sid:84346842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483743)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483743/; classtype:trojan-activity;sid:84346843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483744)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483744/; classtype:trojan-activity;sid:84346844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483745)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483745/; classtype:trojan-activity;sid:84346845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483746)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483746/; classtype:trojan-activity;sid:84346846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483718)"; flow:established,from_client; content:"GET"; http_method; content:"/tr"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483718/; classtype:trojan-activity;sid:84346818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483719)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483719/; classtype:trojan-activity;sid:84346819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483720)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483720/; classtype:trojan-activity;sid:84346820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483721)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483721/; classtype:trojan-activity;sid:84346821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483722)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483722/; classtype:trojan-activity;sid:84346822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483723)"; flow:established,from_client; content:"GET"; http_method; content:"/nightbot2.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483723/; classtype:trojan-activity;sid:84346823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483724)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483724/; classtype:trojan-activity;sid:84346824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483725)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483725/; classtype:trojan-activity;sid:84346825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483726)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483726/; classtype:trojan-activity;sid:84346826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483727)"; flow:established,from_client; content:"GET"; http_method; content:"/nightbot.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483727/; classtype:trojan-activity;sid:84346827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483728)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483728/; classtype:trojan-activity;sid:84346828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483729)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483729/; classtype:trojan-activity;sid:84346829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483730)"; flow:established,from_client; content:"GET"; http_method; content:"/oneday"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483730/; classtype:trojan-activity;sid:84346830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483731)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483731/; classtype:trojan-activity;sid:84346831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483732)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483732/; classtype:trojan-activity;sid:84346832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483733)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483733/; classtype:trojan-activity;sid:84346833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483734)"; flow:established,from_client; content:"GET"; http_method; content:"/router"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483734/; classtype:trojan-activity;sid:84346834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483735)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483735/; classtype:trojan-activity;sid:84346835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483736)"; flow:established,from_client; content:"GET"; http_method; content:"/echo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483736/; classtype:trojan-activity;sid:84346836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483737)"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/nyx4r.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"157.245.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483737/; classtype:trojan-activity;sid:84346837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483706)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483706/; classtype:trojan-activity;sid:84346806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483707)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483707/; classtype:trojan-activity;sid:84346807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483708)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483708/; classtype:trojan-activity;sid:84346808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483709)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483709/; classtype:trojan-activity;sid:84346809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483710)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483710/; classtype:trojan-activity;sid:84346810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483711)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483711/; classtype:trojan-activity;sid:84346811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483712)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483712/; classtype:trojan-activity;sid:84346812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483713)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483713/; classtype:trojan-activity;sid:84346813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483714)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483714/; classtype:trojan-activity;sid:84346814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483715)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483715/; classtype:trojan-activity;sid:84346815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483716)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483716/; classtype:trojan-activity;sid:84346816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483717)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"134.199.219.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483717/; classtype:trojan-activity;sid:84346817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483705/; classtype:trojan-activity;sid:84346805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.171.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483704/; classtype:trojan-activity;sid:84346804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483689/; classtype:trojan-activity;sid:84346789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483690/; classtype:trojan-activity;sid:84346790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483691/; classtype:trojan-activity;sid:84346791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sparc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483692/; classtype:trojan-activity;sid:84346792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.armv5l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483693/; classtype:trojan-activity;sid:84346793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483694/; classtype:trojan-activity;sid:84346794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483695/; classtype:trojan-activity;sid:84346795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.armv7l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483696/; classtype:trojan-activity;sid:84346796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483697/; classtype:trojan-activity;sid:84346797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483698/; classtype:trojan-activity;sid:84346798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483699/; classtype:trojan-activity;sid:84346799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.armv6l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483700/; classtype:trojan-activity;sid:84346800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483701)"; flow:established,from_client; content:"GET"; http_method; content:"/dhjwak.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483701/; classtype:trojan-activity;sid:84346801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.armv4l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483702/; classtype:trojan-activity;sid:84346802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.i486"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.209.129.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483703/; classtype:trojan-activity;sid:84346803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.86.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483688/; classtype:trojan-activity;sid:84346788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483687/; classtype:trojan-activity;sid:84346787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483686/; classtype:trojan-activity;sid:84346786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483685/; classtype:trojan-activity;sid:84346785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483684/; classtype:trojan-activity;sid:84346784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483683)"; flow:established,from_client; content:"GET"; http_method; content:"/psmips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483683/; classtype:trojan-activity;sid:84346783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.245.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483682/; classtype:trojan-activity;sid:84346782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.124.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483681/; classtype:trojan-activity;sid:84346781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483677)"; flow:established,from_client; content:"GET"; http_method; content:"/psmpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483677/; classtype:trojan-activity;sid:84346777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483678)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483678/; classtype:trojan-activity;sid:84346778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483679)"; flow:established,from_client; content:"GET"; http_method; content:"/udp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483679/; classtype:trojan-activity;sid:84346779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483680)"; flow:established,from_client; content:"GET"; http_method; content:"/gdb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483680/; classtype:trojan-activity;sid:84346780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.52.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483669/; classtype:trojan-activity;sid:84346769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483670)"; flow:established,from_client; content:"GET"; http_method; content:"/kitty.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483670/; classtype:trojan-activity;sid:84346770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483671)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483671/; classtype:trojan-activity;sid:84346771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483672)"; flow:established,from_client; content:"GET"; http_method; content:"/smips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483672/; classtype:trojan-activity;sid:84346772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483673)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483673/; classtype:trojan-activity;sid:84346773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483674)"; flow:established,from_client; content:"GET"; http_method; content:"/std"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483674/; classtype:trojan-activity;sid:84346774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483675)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483675/; classtype:trojan-activity;sid:84346775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483676)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.59.132.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483676/; classtype:trojan-activity;sid:84346776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483658)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483658/; classtype:trojan-activity;sid:84346758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483659/; classtype:trojan-activity;sid:84346759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483660)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483660/; classtype:trojan-activity;sid:84346760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483661)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483661/; classtype:trojan-activity;sid:84346761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483662)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483662/; classtype:trojan-activity;sid:84346762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483663)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483663/; classtype:trojan-activity;sid:84346763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483664)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483664/; classtype:trojan-activity;sid:84346764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483665)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483665/; classtype:trojan-activity;sid:84346765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483666)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483666/; classtype:trojan-activity;sid:84346766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483667)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483667/; classtype:trojan-activity;sid:84346767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483668)"; flow:established,from_client; content:"GET"; http_method; content:"/harm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"213.209.150.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483668/; classtype:trojan-activity;sid:84346768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.31.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483657/; classtype:trojan-activity;sid:84346757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483651)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/zte"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483651/; classtype:trojan-activity;sid:84346751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483652)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/rtk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483652/; classtype:trojan-activity;sid:84346752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483653)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/root"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483653/; classtype:trojan-activity;sid:84346753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483654)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/yarn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483654/; classtype:trojan-activity;sid:84346754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483655)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483655/; classtype:trojan-activity;sid:84346755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483656)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483656/; classtype:trojan-activity;sid:84346756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.122.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483650/; classtype:trojan-activity;sid:84346750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483644)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483644/; classtype:trojan-activity;sid:84346744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483645)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483645/; classtype:trojan-activity;sid:84346745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483646)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483646/; classtype:trojan-activity;sid:84346746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483647)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483647/; classtype:trojan-activity;sid:84346747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483648)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483648/; classtype:trojan-activity;sid:84346748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483649)"; flow:established,from_client; content:"GET"; http_method; content:"/x01/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483649/; classtype:trojan-activity;sid:84346749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483642/; classtype:trojan-activity;sid:84346742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483643)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483643/; classtype:trojan-activity;sid:84346743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483633)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483633/; classtype:trojan-activity;sid:84346733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483634)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483634/; classtype:trojan-activity;sid:84346734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483635)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483635/; classtype:trojan-activity;sid:84346735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483636)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483636/; classtype:trojan-activity;sid:84346736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483637)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483637/; classtype:trojan-activity;sid:84346737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483638)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483638/; classtype:trojan-activity;sid:84346738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483639)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483639/; classtype:trojan-activity;sid:84346739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483640)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483640/; classtype:trojan-activity;sid:84346740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483641)"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483641/; classtype:trojan-activity;sid:84346741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483632)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.38.137.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483632/; classtype:trojan-activity;sid:84346732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483631)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483631/; classtype:trojan-activity;sid:84346731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483629)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483629/; classtype:trojan-activity;sid:84346729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483630)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483630/; classtype:trojan-activity;sid:84346730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483619)"; flow:established,from_client; content:"GET"; http_method; content:"/%d1%81%d0%bf%d0%b8%d1%81%d0%be%d0%ba.xlsm"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"178.20.41.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483619/; classtype:trojan-activity;sid:84346719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483620/; classtype:trojan-activity;sid:84346720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483621)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483621/; classtype:trojan-activity;sid:84346721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483622)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483622/; classtype:trojan-activity;sid:84346722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483623)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483623/; classtype:trojan-activity;sid:84346723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483624)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483624/; classtype:trojan-activity;sid:84346724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483625)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483625/; classtype:trojan-activity;sid:84346725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483626)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483626/; classtype:trojan-activity;sid:84346726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483627)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.dbg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483627/; classtype:trojan-activity;sid:84346727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483628)"; flow:established,from_client; content:"GET"; http_method; content:"/.5r3fqt67ew531has4231.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"156.229.233.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483628/; classtype:trojan-activity;sid:84346728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.15.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483618/; classtype:trojan-activity;sid:84346718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.21.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483617/; classtype:trojan-activity;sid:84346717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483615)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.20.41.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483615/; classtype:trojan-activity;sid:84346715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483616)"; flow:established,from_client; content:"GET"; http_method; content:"/bug32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.20.41.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483616/; classtype:trojan-activity;sid:84346716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483593)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483593/; classtype:trojan-activity;sid:84346693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483594)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483594/; classtype:trojan-activity;sid:84346694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483595)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483595/; classtype:trojan-activity;sid:84346695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483596)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483596/; classtype:trojan-activity;sid:84346696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483597)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483597/; classtype:trojan-activity;sid:84346697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483598)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483598/; classtype:trojan-activity;sid:84346698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483599)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483599/; classtype:trojan-activity;sid:84346699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483600)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483600/; classtype:trojan-activity;sid:84346700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483601)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483601/; classtype:trojan-activity;sid:84346701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483602)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483602/; classtype:trojan-activity;sid:84346702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483603)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483603/; classtype:trojan-activity;sid:84346703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483604)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483604/; classtype:trojan-activity;sid:84346704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483605)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483605/; classtype:trojan-activity;sid:84346705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483606)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483606/; classtype:trojan-activity;sid:84346706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483607)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483607/; classtype:trojan-activity;sid:84346707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483608)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483608/; classtype:trojan-activity;sid:84346708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483609)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.151.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483609/; classtype:trojan-activity;sid:84346709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483610)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483610/; classtype:trojan-activity;sid:84346710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483611)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483611/; classtype:trojan-activity;sid:84346711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483612)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483612/; classtype:trojan-activity;sid:84346712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483613)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483613/; classtype:trojan-activity;sid:84346713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483614)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bakery.bloggertasher.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483614/; classtype:trojan-activity;sid:84346714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483592/; classtype:trojan-activity;sid:84346692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.232.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483591/; classtype:trojan-activity;sid:84346691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483563)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483563/; classtype:trojan-activity;sid:84346663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483564)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483564/; classtype:trojan-activity;sid:84346664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483565)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483565/; classtype:trojan-activity;sid:84346665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483566)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483566/; classtype:trojan-activity;sid:84346666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483567)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483567/; classtype:trojan-activity;sid:84346667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483568)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483568/; classtype:trojan-activity;sid:84346668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483569)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483569/; classtype:trojan-activity;sid:84346669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483570)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483570/; classtype:trojan-activity;sid:84346670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483571)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483571/; classtype:trojan-activity;sid:84346671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483572)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483572/; classtype:trojan-activity;sid:84346672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483573/; classtype:trojan-activity;sid:84346673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483574)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483574/; classtype:trojan-activity;sid:84346674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483575)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483575/; classtype:trojan-activity;sid:84346675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483576)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483576/; classtype:trojan-activity;sid:84346676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483577)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.142.27.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483577/; classtype:trojan-activity;sid:84346677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483578)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483578/; classtype:trojan-activity;sid:84346678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483579)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483579/; classtype:trojan-activity;sid:84346679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483580)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483580/; classtype:trojan-activity;sid:84346680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483581)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483581/; classtype:trojan-activity;sid:84346681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483582)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483582/; classtype:trojan-activity;sid:84346682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483583)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483583/; classtype:trojan-activity;sid:84346683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483584)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483584/; classtype:trojan-activity;sid:84346684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483585)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483585/; classtype:trojan-activity;sid:84346685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483586)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483586/; classtype:trojan-activity;sid:84346686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483587)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483587/; classtype:trojan-activity;sid:84346687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483588)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483588/; classtype:trojan-activity;sid:84346688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483589)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483589/; classtype:trojan-activity;sid:84346689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483590)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"srolangvan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483590/; classtype:trojan-activity;sid:84346690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.225.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483562/; classtype:trojan-activity;sid:84346662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.124.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483561/; classtype:trojan-activity;sid:84346661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.127.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483560/; classtype:trojan-activity;sid:84346660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483559)"; flow:established,from_client; content:"GET"; http_method; content:"/9yrhft9rjd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483559/; classtype:trojan-activity;sid:84346659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483558)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483558/; classtype:trojan-activity;sid:84346658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483554/; classtype:trojan-activity;sid:84346654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483555/; classtype:trojan-activity;sid:84346655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483556/; classtype:trojan-activity;sid:84346656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.126.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483557/; classtype:trojan-activity;sid:84346657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.63.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483553/; classtype:trojan-activity;sid:84346653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483542)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483542/; classtype:trojan-activity;sid:84346642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483543)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483543/; classtype:trojan-activity;sid:84346643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483544)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483544/; classtype:trojan-activity;sid:84346644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483545)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483545/; classtype:trojan-activity;sid:84346645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483546)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483546/; classtype:trojan-activity;sid:84346646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483547)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483547/; classtype:trojan-activity;sid:84346647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483548)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483548/; classtype:trojan-activity;sid:84346648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483549)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483549/; classtype:trojan-activity;sid:84346649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483550)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483550/; classtype:trojan-activity;sid:84346650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483551)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483551/; classtype:trojan-activity;sid:84346651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483552)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.38.137.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483552/; classtype:trojan-activity;sid:84346652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.1.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483541/; classtype:trojan-activity;sid:84346641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.3.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483540/; classtype:trojan-activity;sid:84346640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483536)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483536/; classtype:trojan-activity;sid:84346636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483537)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483537/; classtype:trojan-activity;sid:84346637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483538)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483538/; classtype:trojan-activity;sid:84346638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483539)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483539/; classtype:trojan-activity;sid:84346639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483528)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483528/; classtype:trojan-activity;sid:84346628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483529)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483529/; classtype:trojan-activity;sid:84346629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483530)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483530/; classtype:trojan-activity;sid:84346630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483531)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483531/; classtype:trojan-activity;sid:84346631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483532)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483532/; classtype:trojan-activity;sid:84346632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483533)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483533/; classtype:trojan-activity;sid:84346633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483534)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483534/; classtype:trojan-activity;sid:84346634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483535)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"azmamiraixd.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483535/; classtype:trojan-activity;sid:84346635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.52.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483527/; classtype:trojan-activity;sid:84346627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483526)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483526/; classtype:trojan-activity;sid:84346626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483524)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483524/; classtype:trojan-activity;sid:84346624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483525)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483525/; classtype:trojan-activity;sid:84346625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483523)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483523/; classtype:trojan-activity;sid:84346623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483522)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483522/; classtype:trojan-activity;sid:84346622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483520)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483520/; classtype:trojan-activity;sid:84346620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483521)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483521/; classtype:trojan-activity;sid:84346621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483513)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483513/; classtype:trojan-activity;sid:84346613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483514)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483514/; classtype:trojan-activity;sid:84346614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483515)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483515/; classtype:trojan-activity;sid:84346615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483516)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483516/; classtype:trojan-activity;sid:84346616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483517)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483517/; classtype:trojan-activity;sid:84346617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483518)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483518/; classtype:trojan-activity;sid:84346618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483519)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botx.tianyadd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483519/; classtype:trojan-activity;sid:84346619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483510)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483510/; classtype:trojan-activity;sid:84346610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483511)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483511/; classtype:trojan-activity;sid:84346611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483512)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483512/; classtype:trojan-activity;sid:84346612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483505)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483505/; classtype:trojan-activity;sid:84346605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483506)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483506/; classtype:trojan-activity;sid:84346606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483507)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483507/; classtype:trojan-activity;sid:84346607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483508)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483508/; classtype:trojan-activity;sid:84346608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483509)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483509/; classtype:trojan-activity;sid:84346609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.121.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483504/; classtype:trojan-activity;sid:84346604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.10.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483503/; classtype:trojan-activity;sid:84346603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483502/; classtype:trojan-activity;sid:84346602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483501/; classtype:trojan-activity;sid:84346601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.124.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483500/; classtype:trojan-activity;sid:84346600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.122.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483499/; classtype:trojan-activity;sid:84346599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483498/; classtype:trojan-activity;sid:84346598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483497/; classtype:trojan-activity;sid:84346597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.225.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483496/; classtype:trojan-activity;sid:84346596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.21.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483495/; classtype:trojan-activity;sid:84346595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.248.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483494/; classtype:trojan-activity;sid:84346594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483491)"; flow:established,from_client; content:"GET"; http_method; content:"/d/pge7ehfw/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483491/; classtype:trojan-activity;sid:84346591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483492)"; flow:established,from_client; content:"GET"; http_method; content:"/d/oooyr5ue/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483492/; classtype:trojan-activity;sid:84346592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483489)"; flow:established,from_client; content:"GET"; http_method; content:"/d/n6drhlky/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483489/; classtype:trojan-activity;sid:84346589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483488)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kbze/goodlifestartedwithsweetness.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"198.12.81.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483488/; classtype:trojan-activity;sid:84346588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483486)"; flow:established,from_client; content:"GET"; http_method; content:"/base64444444444444444444444444444.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"192.3.220.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483486/; classtype:trojan-activity;sid:84346586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483487)"; flow:established,from_client; content:"GET"; http_method; content:"/120/csoss.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483487/; classtype:trojan-activity;sid:84346587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483483)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/myson/mygirlgreatthikinggoodforentiretimebestforme.hta"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"198.23.212.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483483/; classtype:trojan-activity;sid:84346583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483484)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/css/cs/givenmebestthingsentiretimetogivemebestof.hta"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483484/; classtype:trojan-activity;sid:84346584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483485)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kbze/kbz/bestwaytocreatebetterthingsevermadeforme.hta"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"198.12.81.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483485/; classtype:trojan-activity;sid:84346585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483482)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/cbn/fwef.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483482/; classtype:trojan-activity;sid:84346582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483477)"; flow:established,from_client; content:"GET"; http_method; content:"/550/cvvs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.212.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483477/; classtype:trojan-activity;sid:84346577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483478)"; flow:established,from_client; content:"GET"; http_method; content:"/110/csoss.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483478/; classtype:trojan-activity;sid:84346578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483479)"; flow:established,from_client; content:"GET"; http_method; content:"/70/schost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.95.235.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483479/; classtype:trojan-activity;sid:84346579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483480)"; flow:established,from_client; content:"GET"; http_method; content:"/55/cosses.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483480/; classtype:trojan-activity;sid:84346580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.241.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483475/; classtype:trojan-activity;sid:84346575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.127.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483476/; classtype:trojan-activity;sid:84346576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.89.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483474/; classtype:trojan-activity;sid:84346574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.224.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483473/; classtype:trojan-activity;sid:84346573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.237.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483472/; classtype:trojan-activity;sid:84346572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483471/; classtype:trojan-activity;sid:84346571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483470/; classtype:trojan-activity;sid:84346570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483468)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ff1mzptg/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483468/; classtype:trojan-activity;sid:84346568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483469)"; flow:established,from_client; content:"GET"; http_method; content:"/d/l1hezdil/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483469/; classtype:trojan-activity;sid:84346569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483467/; classtype:trojan-activity;sid:84346567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.161.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483466/; classtype:trojan-activity;sid:84346566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483465/; classtype:trojan-activity;sid:84346565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483462)"; flow:established,from_client; content:"GET"; http_method; content:"/233/sino/aminthebestdutyservicewithgreatnessgiveniaminthebestduty_______iaminthebestdutyservicewithgreatnessgiven______iaminthebestdutyservicewithgreatnessgiveniaminthe.doc"; http_uri; depth:173; isdataat:!1,relative; nocase; content:"217.154.16.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483462/; classtype:trojan-activity;sid:84346562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483463)"; flow:established,from_client; content:"GET"; http_method; content:"/312/cros/nicepeoplesgoodpeoplesgreatskillforthepeoplesnice____________nicepeoplesgoodpeoplesgreatskillforthepeoplesnice_____________nicepeoplesgoodpeoplesgreatskillforthepeoplesnice.doc"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"213.165.70.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483463/; classtype:trojan-activity;sid:84346563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483464)"; flow:established,from_client; content:"GET"; http_method; content:"/255/ssen/oybestgirlformybestkissesevermybestgirl________mybestgirlformybestkissesever______mybestgirlformybestkissesevermybestgirlformybest.doc"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"69.48.201.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483464/; classtype:trojan-activity;sid:84346564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483461)"; flow:established,from_client; content:"GET"; http_method; content:"/315/nicos/nicegirlwithbeautifulsmileandeyesfornicegirlwit________nicegirlwithbeautifulsmileandeyesfornicegirlwith__________nicegirlwithbeautifulsmileandeyesfor.doc"; http_uri; depth:164; isdataat:!1,relative; nocase; content:"213.165.70.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483461/; classtype:trojan-activity;sid:84346561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483460)"; flow:established,from_client; content:"GET"; http_method; content:"/315/nicegirlwithbeautifulsmileandeyesforever.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"213.165.70.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483460/; classtype:trojan-activity;sid:84346560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483453)"; flow:established,from_client; content:"GET"; http_method; content:"/111/nicegirlwecomebackwithnicepersoneverytimes.txt"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"217.154.16.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483453/; classtype:trojan-activity;sid:84346553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483454)"; flow:established,from_client; content:"GET"; http_method; content:"/530/cosses.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483454/; classtype:trojan-activity;sid:84346554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483455)"; flow:established,from_client; content:"GET"; http_method; content:"/131/casos.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483455/; classtype:trojan-activity;sid:84346555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483456)"; flow:established,from_client; content:"GET"; http_method; content:"/133/vfc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483456/; classtype:trojan-activity;sid:84346556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483457)"; flow:established,from_client; content:"GET"; http_method; content:"/233/iaminthebestdutyservicewithgreatnessgiven.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"217.154.16.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483457/; classtype:trojan-activity;sid:84346557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483458)"; flow:established,from_client; content:"GET"; http_method; content:"/90/vsse.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483458/; classtype:trojan-activity;sid:84346558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483459)"; flow:established,from_client; content:"GET"; http_method; content:"/212/mybestgirlisawinmylifebetterwaystogetmebest.txt"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"172.245.163.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483459/; classtype:trojan-activity;sid:84346559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483447)"; flow:established,from_client; content:"GET"; http_method; content:"/215/easytogivebestthingswhichveryastmovingentire.hta"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.3.95.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483447/; classtype:trojan-activity;sid:84346547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483448)"; flow:established,from_client; content:"GET"; http_method; content:"/233/iaminthebestdutyservicewithgreatnessgiven.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"217.154.16.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483448/; classtype:trojan-activity;sid:84346548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483449)"; flow:established,from_client; content:"GET"; http_method; content:"/111/ssnicegirlwecomebackwithnicepersoneverytime.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"217.154.16.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483449/; classtype:trojan-activity;sid:84346549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483450)"; flow:established,from_client; content:"GET"; http_method; content:"/212/mybestgirlisawinmylifebetterwaystogetmebest.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"172.245.163.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483450/; classtype:trojan-activity;sid:84346550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483451)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/gdxx/nicenamewithgreatskillworkingon.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"172.245.123.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483451/; classtype:trojan-activity;sid:84346551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483452)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/mxo/sjjh.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.245.123.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483452/; classtype:trojan-activity;sid:84346552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483444)"; flow:established,from_client; content:"GET"; http_method; content:"/255/hemybestgirlformybestkissesever.hta"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"69.48.201.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483444/; classtype:trojan-activity;sid:84346544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483445)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/amb/sweetbabaygirlwithmybestthinkingsevermademe.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"192.3.95.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483445/; classtype:trojan-activity;sid:84346545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483446)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/ujj/microsftgoodforenoughtogetstory.hta"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"172.245.123.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483446/; classtype:trojan-activity;sid:84346546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483443)"; flow:established,from_client; content:"GET"; http_method; content:"/315/nicegirlwithbeautifulsmileandeyesfor.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"213.165.70.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483443/; classtype:trojan-activity;sid:84346543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483442)"; flow:established,from_client; content:"GET"; http_method; content:"/255/mybestgirlformybestkissesever.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"69.48.201.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483442/; classtype:trojan-activity;sid:84346542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483436)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/c/encryption01.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.12.89.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483436/; classtype:trojan-activity;sid:84346536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483437)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/c/encryption01.jpg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"69.48.201.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483437/; classtype:trojan-activity;sid:84346537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483438)"; flow:established,from_client; content:"GET"; http_method; content:"/d/fhun5bnu/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483438/; classtype:trojan-activity;sid:84346538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483439)"; flow:established,from_client; content:"GET"; http_method; content:"/d/bdweak3l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483439/; classtype:trojan-activity;sid:84346539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483440)"; flow:established,from_client; content:"GET"; http_method; content:"/d/pkegjsva/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483440/; classtype:trojan-activity;sid:84346540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483441)"; flow:established,from_client; content:"GET"; http_method; content:"/d/wmgltzfl/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483441/; classtype:trojan-activity;sid:84346541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483433)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/g/new_image.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"192.3.101.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483433/; classtype:trojan-activity;sid:84346533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483434)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/c/new_image.jpg"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"69.48.201.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483434/; classtype:trojan-activity;sid:84346534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483435)"; flow:established,from_client; content:"GET"; http_method; content:"/d/bzwrxbvj/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483435/; classtype:trojan-activity;sid:84346535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483431)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mmnmbzsy/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483431/; classtype:trojan-activity;sid:84346531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483432)"; flow:established,from_client; content:"GET"; http_method; content:"/d/kl771kd5/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483432/; classtype:trojan-activity;sid:84346532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483430)"; flow:established,from_client; content:"GET"; http_method; content:"/d/jl1i8dlp/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483430/; classtype:trojan-activity;sid:84346530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483429)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ncrmipwh/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483429/; classtype:trojan-activity;sid:84346529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483428)"; flow:established,from_client; content:"GET"; http_method; content:"/d/h90u7ore/0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483428/; classtype:trojan-activity;sid:84346528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483424)"; flow:established,from_client; content:"GET"; http_method; content:"/312/updates.js"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"213.165.70.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483424/; classtype:trojan-activity;sid:84346524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.224.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483423/; classtype:trojan-activity;sid:84346523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483422/; classtype:trojan-activity;sid:84346522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483421)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/zp89lw125809g1aatsa58/wayout-stars-launcher-open-beta.exe|3f|rlkey=aflbsqizbx6pbijha40d7xokr|7c|26|7c|st=btitx1i1|7c|26|7c|dl=1"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483421/; classtype:trojan-activity;sid:84346521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483420)"; flow:established,from_client; content:"GET"; http_method; content:"/0r07t804sd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483420/; classtype:trojan-activity;sid:84346520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483419)"; flow:established,from_client; content:"GET"; http_method; content:"/236/swfit.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.174.231.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483419/; classtype:trojan-activity;sid:84346519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.184.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483417/; classtype:trojan-activity;sid:84346517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483418)"; flow:established,from_client; content:"GET"; http_method; content:"/77/cnos.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.174.231.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483418/; classtype:trojan-activity;sid:84346518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.89.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483416/; classtype:trojan-activity;sid:84346516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.190.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483414/; classtype:trojan-activity;sid:84346514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.79.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483415/; classtype:trojan-activity;sid:84346515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483413/; classtype:trojan-activity;sid:84346513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.212.71.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483412/; classtype:trojan-activity;sid:84346512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483411)"; flow:established,from_client; content:"GET"; http_method; content:"/home/brew/homebrew.dmg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"eztika.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483411/; classtype:trojan-activity;sid:84346511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.85.18.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483410/; classtype:trojan-activity;sid:84346510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.153.205.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483409/; classtype:trojan-activity;sid:84346509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.132.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483408/; classtype:trojan-activity;sid:84346508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.79.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483407/; classtype:trojan-activity;sid:84346507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483405)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1feadsn6fwefcrsfrdofktwape7nkpr1t"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483405/; classtype:trojan-activity;sid:84346505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.190.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483404/; classtype:trojan-activity;sid:84346504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.48.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483403/; classtype:trojan-activity;sid:84346503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.105.121.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483402/; classtype:trojan-activity;sid:84346502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.212.71.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483401/; classtype:trojan-activity;sid:84346501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.153.205.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483399/; classtype:trojan-activity;sid:84346499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.132.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483400/; classtype:trojan-activity;sid:84346500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483398)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"9mice-viperr.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483398/; classtype:trojan-activity;sid:84346498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483397)"; flow:established,from_client; content:"GET"; http_method; content:"/myirtpksbwyyufpi.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"9mice-viperr.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483397/; classtype:trojan-activity;sid:84346497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483395/; classtype:trojan-activity;sid:84346495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483396)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.itemguestsid.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483396/; classtype:trojan-activity;sid:84346496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483392/; classtype:trojan-activity;sid:84346492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.67.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483391/; classtype:trojan-activity;sid:84346491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483390/; classtype:trojan-activity;sid:84346490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.38.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483389/; classtype:trojan-activity;sid:84346489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.153.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483388/; classtype:trojan-activity;sid:84346488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.104.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483386/; classtype:trojan-activity;sid:84346486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.142.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483387/; classtype:trojan-activity;sid:84346487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483382/; classtype:trojan-activity;sid:84346482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483383/; classtype:trojan-activity;sid:84346483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483384/; classtype:trojan-activity;sid:84346484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.7.140.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483385/; classtype:trojan-activity;sid:84346485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.171.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483381/; classtype:trojan-activity;sid:84346481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.57.22.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483380/; classtype:trojan-activity;sid:84346480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.8.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483379/; classtype:trojan-activity;sid:84346479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.238.95.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483377/; classtype:trojan-activity;sid:84346477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483378/; classtype:trojan-activity;sid:84346478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.245.118.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483375/; classtype:trojan-activity;sid:84346475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483376/; classtype:trojan-activity;sid:84346476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.195.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483374/; classtype:trojan-activity;sid:84346474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.66.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483373/; classtype:trojan-activity;sid:84346473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.104.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483372/; classtype:trojan-activity;sid:84346472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483371)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.atuu7.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483371/; classtype:trojan-activity;sid:84346471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.48.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483370/; classtype:trojan-activity;sid:84346470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483369)"; flow:established,from_client; content:"GET"; http_method; content:"/l4kad16pot.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483369/; classtype:trojan-activity;sid:84346469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483368)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/03/18/05/546050645.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483368/; classtype:trojan-activity;sid:84346468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483366)"; flow:established,from_client; content:"GET"; http_method; content:"/d/irgds593"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483366/; classtype:trojan-activity;sid:84346466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483367)"; flow:established,from_client; content:"GET"; http_method; content:"/iujlrtsljaz.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.70.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483367/; classtype:trojan-activity;sid:84346467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483365/; classtype:trojan-activity;sid:84346465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.234.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483364/; classtype:trojan-activity;sid:84346464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.41.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483363/; classtype:trojan-activity;sid:84346463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.104.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483362/; classtype:trojan-activity;sid:84346462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.67.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483361/; classtype:trojan-activity;sid:84346461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.147.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483359/; classtype:trojan-activity;sid:84346459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.195.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483360/; classtype:trojan-activity;sid:84346460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.93.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483358/; classtype:trojan-activity;sid:84346458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.188.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483356/; classtype:trojan-activity;sid:84346456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483357/; classtype:trojan-activity;sid:84346457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.122.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483355/; classtype:trojan-activity;sid:84346455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483354/; classtype:trojan-activity;sid:84346454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.18.208.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483353/; classtype:trojan-activity;sid:84346453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.247.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483352/; classtype:trojan-activity;sid:84346452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.6.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483351/; classtype:trojan-activity;sid:84346451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483350/; classtype:trojan-activity;sid:84346450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.55.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483349/; classtype:trojan-activity;sid:84346449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483348/; classtype:trojan-activity;sid:84346448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.122.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483347/; classtype:trojan-activity;sid:84346447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.234.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483346/; classtype:trojan-activity;sid:84346446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.255.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483345/; classtype:trojan-activity;sid:84346445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.140.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483344/; classtype:trojan-activity;sid:84346444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.108.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483342/; classtype:trojan-activity;sid:84346442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.67.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483343/; classtype:trojan-activity;sid:84346443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.23.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483341/; classtype:trojan-activity;sid:84346441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.147.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483340/; classtype:trojan-activity;sid:84346440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.41.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483339/; classtype:trojan-activity;sid:84346439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.96.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483338/; classtype:trojan-activity;sid:84346438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483337)"; flow:established,from_client; content:"GET"; http_method; content:"/40/sihost.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.3.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483337/; classtype:trojan-activity;sid:84346437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483336)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/wfc/seven.hta"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"192.3.176.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483336/; classtype:trojan-activity;sid:84346436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483334/; classtype:trojan-activity;sid:84346434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.93.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483335/; classtype:trojan-activity;sid:84346435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483333/; classtype:trojan-activity;sid:84346433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.208.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483332/; classtype:trojan-activity;sid:84346432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.121.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483331/; classtype:trojan-activity;sid:84346431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.237.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483330/; classtype:trojan-activity;sid:84346430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.126.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483329/; classtype:trojan-activity;sid:84346429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.47.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483328/; classtype:trojan-activity;sid:84346428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.82.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483327/; classtype:trojan-activity;sid:84346427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483326)"; flow:established,from_client; content:"GET"; http_method; content:"/eld/bir.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"magnapratama.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483326/; classtype:trojan-activity;sid:84346426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483325)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfmux1gcgl3qbjugznayzblvshd80zku"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483325/; classtype:trojan-activity;sid:84346425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483324)"; flow:established,from_client; content:"GET"; http_method; content:"/d/nao7popi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483324/; classtype:trojan-activity;sid:84346424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483323)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t_h_eu-5meupkkfv3hodgoedmavqmpit"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483323/; classtype:trojan-activity;sid:84346423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483321/; classtype:trojan-activity;sid:84346421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.255.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483322/; classtype:trojan-activity;sid:84346422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483320)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhxdzqg5lkzllr_-c0tgrhpjvihp25ji"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483320/; classtype:trojan-activity;sid:84346420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.152.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483318/; classtype:trojan-activity;sid:84346418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483315)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=135g9rbj1h6n1k9prmqgdnmjl3lw-unhh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483315/; classtype:trojan-activity;sid:84346415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483316)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hau14yej_4avfjuhym_bme4icvx1nqgq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483316/; classtype:trojan-activity;sid:84346416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.96.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483314/; classtype:trojan-activity;sid:84346414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483313)"; flow:established,from_client; content:"GET"; http_method; content:"/uc9fkln6sa.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483313/; classtype:trojan-activity;sid:84346413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.6.96"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483312/; classtype:trojan-activity;sid:84346412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19oyoc9sosknxnhyr6e7yrdumyqr6ixdz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483311/; classtype:trojan-activity;sid:84346411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483310)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuuhgyp5h960nq0lytu0zaxialb78byb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483310/; classtype:trojan-activity;sid:84346410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483308)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10yn0gknsk0hopi5eyv9vxkxxvmwi9k4u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483308/; classtype:trojan-activity;sid:84346408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.247.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483306/; classtype:trojan-activity;sid:84346406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483307)"; flow:established,from_client; content:"GET"; http_method; content:"/netflix.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"netflix.ethiotask.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483307/; classtype:trojan-activity;sid:84346407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483305)"; flow:established,from_client; content:"GET"; http_method; content:"/fodnvishvkshu/fedora.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"onlyfans.fans"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483305/; classtype:trojan-activity;sid:84346405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483303)"; flow:established,from_client; content:"GET"; http_method; content:"/kms_activator.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gian.com.ar"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483303/; classtype:trojan-activity;sid:84346403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483302)"; flow:established,from_client; content:"GET"; http_method; content:"/f/arturiasoftwarecenteragent.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"wired.lc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483302/; classtype:trojan-activity;sid:84346402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483300)"; flow:established,from_client; content:"GET"; http_method; content:"/f/registry.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bv.pe"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483300/; classtype:trojan-activity;sid:84346400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oazg5s1ezoxutupy7ar-lxjtkod-cczj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483299/; classtype:trojan-activity;sid:84346399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483295)"; flow:established,from_client; content:"GET"; http_method; content:"/f/carifred.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cvj.wtf"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483295/; classtype:trojan-activity;sid:84346395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483290)"; flow:established,from_client; content:"GET"; http_method; content:"/f/kind_setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"qd.pe"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483290/; classtype:trojan-activity;sid:84346390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483291)"; flow:established,from_client; content:"GET"; http_method; content:"/f/processgovernor.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"qd.pe"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483291/; classtype:trojan-activity;sid:84346391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483285)"; flow:established,from_client; content:"GET"; http_method; content:"/f/stem_setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pooper.lc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483285/; classtype:trojan-activity;sid:84346385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483288)"; flow:established,from_client; content:"GET"; http_method; content:"/f/processgovernor.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"safeguard.how"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483288/; classtype:trojan-activity;sid:84346388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483284)"; flow:established,from_client; content:"GET"; http_method; content:"/tax.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"infotax.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483284/; classtype:trojan-activity;sid:84346384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483283/; classtype:trojan-activity;sid:84346383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483274)"; flow:established,from_client; content:"GET"; http_method; content:"/25/items/new_image_20250318/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ia600204.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483274/; classtype:trojan-activity;sid:84346374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483273)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ahxyprni"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483273/; classtype:trojan-activity;sid:84346373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483272/; classtype:trojan-activity;sid:84346372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483271/; classtype:trojan-activity;sid:84346371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.63.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483270/; classtype:trojan-activity;sid:84346370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483269)"; flow:established,from_client; content:"GET"; http_method; content:"/ikjhibihfujvbvhfgchcg/ghfvjgkygfgfsghsehdj/htfhjyftddr/lophgc.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"fithermaskbist.ydns.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483269/; classtype:trojan-activity;sid:84346369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.142.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483267/; classtype:trojan-activity;sid:84346367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483268)"; flow:established,from_client; content:"GET"; http_method; content:"/1/rapsmarkerne.pcx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tecnov.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483268/; classtype:trojan-activity;sid:84346368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.123.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483266/; classtype:trojan-activity;sid:84346366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483265)"; flow:established,from_client; content:"GET"; http_method; content:"/1/arrzdcuhupdxhnqliwptallal89.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"tecnov.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483265/; classtype:trojan-activity;sid:84346365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483264/; classtype:trojan-activity;sid:84346364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483263)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/sweet/goodchoicewithgreathappiness.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"198.23.212.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483263/; classtype:trojan-activity;sid:84346363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483262/; classtype:trojan-activity;sid:84346362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.241.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483261/; classtype:trojan-activity;sid:84346361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.207.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483260/; classtype:trojan-activity;sid:84346360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483259)"; flow:established,from_client; content:"GET"; http_method; content:"/a.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.159.113.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483259/; classtype:trojan-activity;sid:84346359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.47.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483258/; classtype:trojan-activity;sid:84346358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483257)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"toggleoff.dev"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483257/; classtype:trojan-activity;sid:84346357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483256)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"win-activate.space"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483256/; classtype:trojan-activity;sid:84346356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483255)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tradingview.my"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483255/; classtype:trojan-activity;sid:84346355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483254/; classtype:trojan-activity;sid:84346354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.127.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483253/; classtype:trojan-activity;sid:84346353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483252)"; flow:established,from_client; content:"GET"; http_method; content:"/update/update.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"getxi.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483252/; classtype:trojan-activity;sid:84346352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483250/; classtype:trojan-activity;sid:84346350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.243.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483249/; classtype:trojan-activity;sid:84346349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.107.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483248/; classtype:trojan-activity;sid:84346348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483247)"; flow:established,from_client; content:"GET"; http_method; content:"/developer/app.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"getxi.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483247/; classtype:trojan-activity;sid:84346347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483246/; classtype:trojan-activity;sid:84346346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.75.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483245/; classtype:trojan-activity;sid:84346345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.63.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483244/; classtype:trojan-activity;sid:84346344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483243/; classtype:trojan-activity;sid:84346343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483242/; classtype:trojan-activity;sid:84346342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.123.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483241/; classtype:trojan-activity;sid:84346341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wkw0el3b9pfsbjqvsbb6te4vyd6s_pmi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483240/; classtype:trojan-activity;sid:84346340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483239)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fn1nzf6rf_atfl1munrehwce384pa8so"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483239/; classtype:trojan-activity;sid:84346339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.151.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483238/; classtype:trojan-activity;sid:84346338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483224)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483224/; classtype:trojan-activity;sid:84346324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483225/; classtype:trojan-activity;sid:84346325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483226)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483226/; classtype:trojan-activity;sid:84346326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483227)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483227/; classtype:trojan-activity;sid:84346327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483228)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483228/; classtype:trojan-activity;sid:84346328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483229)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483229/; classtype:trojan-activity;sid:84346329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483230)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483230/; classtype:trojan-activity;sid:84346330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483231)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483231/; classtype:trojan-activity;sid:84346331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483232)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483232/; classtype:trojan-activity;sid:84346332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483233)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483233/; classtype:trojan-activity;sid:84346333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483234)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483234/; classtype:trojan-activity;sid:84346334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483235)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483235/; classtype:trojan-activity;sid:84346335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483236)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483236/; classtype:trojan-activity;sid:84346336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483237)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.44.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483237/; classtype:trojan-activity;sid:84346337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483178/; classtype:trojan-activity;sid:84346278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483185)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483185/; classtype:trojan-activity;sid:84346285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483187/; classtype:trojan-activity;sid:84346287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483193)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483193/; classtype:trojan-activity;sid:84346293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.128.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483163/; classtype:trojan-activity;sid:84346263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.91.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483162/; classtype:trojan-activity;sid:84346262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.93.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483161/; classtype:trojan-activity;sid:84346261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483160)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483160/; classtype:trojan-activity;sid:84346260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483159)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483159/; classtype:trojan-activity;sid:84346259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483156)"; flow:established,from_client; content:"GET"; http_method; content:"/teeth"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483156/; classtype:trojan-activity;sid:84346256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiss.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483157/; classtype:trojan-activity;sid:84346257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483158)"; flow:established,from_client; content:"GET"; http_method; content:"/tuna.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.123.46.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483158/; classtype:trojan-activity;sid:84346258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483140)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483140/; classtype:trojan-activity;sid:84346240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483141)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483141/; classtype:trojan-activity;sid:84346241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483142)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483142/; classtype:trojan-activity;sid:84346242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483143)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483143/; classtype:trojan-activity;sid:84346243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483144)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483144/; classtype:trojan-activity;sid:84346244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483145)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483145/; classtype:trojan-activity;sid:84346245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483146)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483146/; classtype:trojan-activity;sid:84346246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483147)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483147/; classtype:trojan-activity;sid:84346247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483148)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483148/; classtype:trojan-activity;sid:84346248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483149)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.200.78.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483149/; classtype:trojan-activity;sid:84346249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483150)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483150/; classtype:trojan-activity;sid:84346250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483151)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483151/; classtype:trojan-activity;sid:84346251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483152)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483152/; classtype:trojan-activity;sid:84346252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483153)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483153/; classtype:trojan-activity;sid:84346253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483154)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483154/; classtype:trojan-activity;sid:84346254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483155)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.intenseproxy.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483155/; classtype:trojan-activity;sid:84346255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483137)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmosg94aldvwjbxk3fa0dvmglm2ys2v78rxo_e8esgryiax5u3x-_kiqa5tiran9r9hycurnrnhzpii5z2g4k8a3sd521vf8u3_uvkppcabb-rzgx3_pztiskhjmehy5tirgul6rjyouhccfb4b8zvho/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc7302405be53e06267700e88cf1.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483137/; classtype:trojan-activity;sid:84346237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.207.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483136/; classtype:trojan-activity;sid:84346236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.75.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483135/; classtype:trojan-activity;sid:84346235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483134)"; flow:established,from_client; content:"GET"; http_method; content:"/gb8jy0qki5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483134/; classtype:trojan-activity;sid:84346234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483133/; classtype:trojan-activity;sid:84346233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483132/; classtype:trojan-activity;sid:84346232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.136.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483131/; classtype:trojan-activity;sid:84346231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483130/; classtype:trojan-activity;sid:84346230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483128)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmmfjlforjrn4swkg8prejjw-3lpbmsnlqowe32vgaj7wnhbvwxpyng89sgg_ex-yfexppopowblctehqeewmjm6cjlxi51b5hkknulclueupnozlni1ra-a4cuy83qq5u8gsud9dkbsrrgsvnqekysc/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc75d9fd0501bdbadf97bafd46c5.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483128/; classtype:trojan-activity;sid:84346228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483127)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"160.191.86.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483127/; classtype:trojan-activity;sid:84346227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.29.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483126/; classtype:trojan-activity;sid:84346226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.188.185.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483125/; classtype:trojan-activity;sid:84346225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.185.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483124/; classtype:trojan-activity;sid:84346224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.241.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483123/; classtype:trojan-activity;sid:84346223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.128.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483122/; classtype:trojan-activity;sid:84346222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.92.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483121/; classtype:trojan-activity;sid:84346221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.78.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483120/; classtype:trojan-activity;sid:84346220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.201.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483119/; classtype:trojan-activity;sid:84346219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.246.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483118/; classtype:trojan-activity;sid:84346218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483117/; classtype:trojan-activity;sid:84346217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.252.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483116/; classtype:trojan-activity;sid:84346216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.136.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483115/; classtype:trojan-activity;sid:84346215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.89.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483114/; classtype:trojan-activity;sid:84346214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.165.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483113/; classtype:trojan-activity;sid:84346213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483112)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.axei3.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483112/; classtype:trojan-activity;sid:84346212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.33.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483111/; classtype:trojan-activity;sid:84346211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.243.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483110/; classtype:trojan-activity;sid:84346210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.240.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483109/; classtype:trojan-activity;sid:84346209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.34.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483108/; classtype:trojan-activity;sid:84346208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.89.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483107/; classtype:trojan-activity;sid:84346207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.156.6.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483106/; classtype:trojan-activity;sid:84346206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.55.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483105/; classtype:trojan-activity;sid:84346205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.236.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483104/; classtype:trojan-activity;sid:84346204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.10.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483103/; classtype:trojan-activity;sid:84346203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.108.214.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483101/; classtype:trojan-activity;sid:84346201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.185.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483102/; classtype:trojan-activity;sid:84346202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483096/; classtype:trojan-activity;sid:84346196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483097/; classtype:trojan-activity;sid:84346197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.230.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483098/; classtype:trojan-activity;sid:84346198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483099/; classtype:trojan-activity;sid:84346199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483100/; classtype:trojan-activity;sid:84346200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.102.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483095/; classtype:trojan-activity;sid:84346195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.68.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483094/; classtype:trojan-activity;sid:84346194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.248.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483092/; classtype:trojan-activity;sid:84346192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.128.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483093/; classtype:trojan-activity;sid:84346193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.201.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483090/; classtype:trojan-activity;sid:84346190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483091/; classtype:trojan-activity;sid:84346191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.150.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483089/; classtype:trojan-activity;sid:84346189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483088/; classtype:trojan-activity;sid:84346188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.119.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483087/; classtype:trojan-activity;sid:84346187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.128.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483086/; classtype:trojan-activity;sid:84346186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.78.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483085/; classtype:trojan-activity;sid:84346185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483084/; classtype:trojan-activity;sid:84346184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.169.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483083/; classtype:trojan-activity;sid:84346183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483081)"; flow:established,from_client; content:"GET"; http_method; content:"/sb360.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.49.40.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483081/; classtype:trojan-activity;sid:84346181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483082)"; flow:established,from_client; content:"GET"; http_method; content:"/456.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"38.49.40.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483082/; classtype:trojan-activity;sid:84346182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.92.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483080/; classtype:trojan-activity;sid:84346180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.117.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483079/; classtype:trojan-activity;sid:84346179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.10.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483078/; classtype:trojan-activity;sid:84346178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483077)"; flow:established,from_client; content:"GET"; http_method; content:"/ixdj33po20.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483077/; classtype:trojan-activity;sid:84346177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.240.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483076/; classtype:trojan-activity;sid:84346176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483074/; classtype:trojan-activity;sid:84346174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483075/; classtype:trojan-activity;sid:84346175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.91.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483072/; classtype:trojan-activity;sid:84346172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483073/; classtype:trojan-activity;sid:84346173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.122.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483070/; classtype:trojan-activity;sid:84346170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.143.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483071/; classtype:trojan-activity;sid:84346171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483069/; classtype:trojan-activity;sid:84346169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483068/; classtype:trojan-activity;sid:84346168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.156.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483067/; classtype:trojan-activity;sid:84346167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483066/; classtype:trojan-activity;sid:84346166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.181.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483065/; classtype:trojan-activity;sid:84346165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.55.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483064/; classtype:trojan-activity;sid:84346164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.29.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483063/; classtype:trojan-activity;sid:84346163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483062/; classtype:trojan-activity;sid:84346162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.189.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483061/; classtype:trojan-activity;sid:84346161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483060)"; flow:established,from_client; content:"GET"; http_method; content:"/hqnhqyul185.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"udire.webpg.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483060/; classtype:trojan-activity;sid:84346160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483058)"; flow:established,from_client; content:"GET"; http_method; content:"/harmonikaerne.mix"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"udire.webpg.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483058/; classtype:trojan-activity;sid:84346158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483059)"; flow:established,from_client; content:"GET"; http_method; content:"/herrefodbold.psd"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"udire.webpg.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483059/; classtype:trojan-activity;sid:84346159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483057)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483057/; classtype:trojan-activity;sid:84346157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483055)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483055/; classtype:trojan-activity;sid:84346155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483056)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483056/; classtype:trojan-activity;sid:84346156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483051)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483051/; classtype:trojan-activity;sid:84346151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483052)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483052/; classtype:trojan-activity;sid:84346152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483053)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483053/; classtype:trojan-activity;sid:84346153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483054)"; flow:established,from_client; content:"GET"; http_method; content:"/6692507dc4994101/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.46.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483054/; classtype:trojan-activity;sid:84346154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483050/; classtype:trojan-activity;sid:84346150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483049)"; flow:established,from_client; content:"GET"; http_method; content:"/public/workdrive-external/download/738jn06b0b85bc7784c66b2166ef914db787a|3f|x-cli-msg=%7b%22linkid%22%3a%224vodbcgvkk-xj0ge%22%2c%22isfileowner%22%3afalse%2c%22version%22%3a%221.0%22%7d"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"files-accl.zohoexternal.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483049/; classtype:trojan-activity;sid:84346149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.195.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483048/; classtype:trojan-activity;sid:84346148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.46.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483047/; classtype:trojan-activity;sid:84346147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483046)"; flow:established,from_client; content:"GET"; http_method; content:"/agreement"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"documentupdate.short.gy"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483046/; classtype:trojan-activity;sid:84346146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483045)"; flow:established,from_client; content:"GET"; http_method; content:"/client-build.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"calnendy.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483045/; classtype:trojan-activity;sid:84346145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483044)"; flow:established,from_client; content:"GET"; http_method; content:"/api/uploads/zht74bjjy3j/download/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"norishare.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483044/; classtype:trojan-activity;sid:84346144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483043)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/startapp.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"updateappdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483043/; classtype:trojan-activity;sid:84346143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483040)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/getapp.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"updateappdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483040/; classtype:trojan-activity;sid:84346140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483041)"; flow:established,from_client; content:"GET"; http_method; content:"/3amneoz/roblox-celery/releases/download/v2.0/program.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483041/; classtype:trojan-activity;sid:84346141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483042)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/getapp2.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"updateappdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483042/; classtype:trojan-activity;sid:84346142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483039)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/startapp2.ps1"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"updateappdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483039/; classtype:trojan-activity;sid:84346139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483037)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483037/; classtype:trojan-activity;sid:84346137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483038)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483038/; classtype:trojan-activity;sid:84346138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483036)"; flow:established,from_client; content:"GET"; http_method; content:"/ezertrsdcret/roblox-cryptic-executor/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483036/; classtype:trojan-activity;sid:84346136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483035)"; flow:established,from_client; content:"GET"; http_method; content:"/ezertrsdcret/roblox-cryptic-executor/releases/download/v3.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483035/; classtype:trojan-activity;sid:84346135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483033)"; flow:established,from_client; content:"GET"; http_method; content:"/trioxidep/lunar-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483033/; classtype:trojan-activity;sid:84346133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483034)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483034/; classtype:trojan-activity;sid:84346134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483032)"; flow:established,from_client; content:"GET"; http_method; content:"/felixjoji370/codex-roblox/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483032/; classtype:trojan-activity;sid:84346132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483030)"; flow:established,from_client; content:"GET"; http_method; content:"/iampoo31331/hydrogen-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483030/; classtype:trojan-activity;sid:84346130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483031)"; flow:established,from_client; content:"GET"; http_method; content:"/3amneoz/roblox-celery/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483031/; classtype:trojan-activity;sid:84346131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483022)"; flow:established,from_client; content:"GET"; http_method; content:"/trioxidep/lunar-executor/releases/download/v3.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483022/; classtype:trojan-activity;sid:84346122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483023)"; flow:established,from_client; content:"GET"; http_method; content:"/solodeveloperop/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483023/; classtype:trojan-activity;sid:84346123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483024)"; flow:established,from_client; content:"GET"; http_method; content:"/trioxidep/lunar-executor/releases/download/v2.0/program.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483024/; classtype:trojan-activity;sid:84346124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483025)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v1.0/executor.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483025/; classtype:trojan-activity;sid:84346125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483026)"; flow:established,from_client; content:"GET"; http_method; content:"/progmainging/roblox-celery/releases/download/2.9.9-alpha.2/roblox.celery.2.9.9.alpha.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483026/; classtype:trojan-activity;sid:84346126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483027)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483027/; classtype:trojan-activity;sid:84346127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483028)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v3.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483028/; classtype:trojan-activity;sid:84346128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483029)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v1.0/executor.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483029/; classtype:trojan-activity;sid:84346129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483018)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483018/; classtype:trojan-activity;sid:84346118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483019)"; flow:established,from_client; content:"GET"; http_method; content:"/masterlines/electron-executor/releases/download/v2.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483019/; classtype:trojan-activity;sid:84346119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483020)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/program.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483020/; classtype:trojan-activity;sid:84346120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483021)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483021/; classtype:trojan-activity;sid:84346121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483017)"; flow:established,from_client; content:"GET"; http_method; content:"/pochimoli/electron-executor/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483017/; classtype:trojan-activity;sid:84346117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483015)"; flow:established,from_client; content:"GET"; http_method; content:"/thealonemax/roexec-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483015/; classtype:trojan-activity;sid:84346115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483016)"; flow:established,from_client; content:"GET"; http_method; content:"/felixjoji370/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483016/; classtype:trojan-activity;sid:84346116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483011)"; flow:established,from_client; content:"GET"; http_method; content:"/trioxidep/lunar-executor/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483011/; classtype:trojan-activity;sid:84346111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483012)"; flow:established,from_client; content:"GET"; http_method; content:"/coccicar/mobiledit-forensic-express-pro-free/releases/download/3.7.0/mobiledit.forensic.express.pro.free.3.7.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483012/; classtype:trojan-activity;sid:84346112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483013)"; flow:established,from_client; content:"GET"; http_method; content:"/felixjoji370/codex-roblox/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483013/; classtype:trojan-activity;sid:84346113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483014)"; flow:established,from_client; content:"GET"; http_method; content:"/doszxc/hydrogen-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483014/; classtype:trojan-activity;sid:84346114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483009)"; flow:established,from_client; content:"GET"; http_method; content:"/felixjoji370/codex-roblox/releases/download/v2.0/program.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483009/; classtype:trojan-activity;sid:84346109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483010)"; flow:established,from_client; content:"GET"; http_method; content:"/documente-elvetia"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bonidasrl.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483010/; classtype:trojan-activity;sid:84346110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483007)"; flow:established,from_client; content:"GET"; http_method; content:"/techuser-567/keyword-researcher-pro-cracked/releases/download/v1.7.5/keyword.researcher.pro.cracked.v1.7.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483007/; classtype:trojan-activity;sid:84346107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483008)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v3.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483008/; classtype:trojan-activity;sid:84346108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483004)"; flow:established,from_client; content:"GET"; http_method; content:"/ezertrsdcret/roblox-cryptic-executor/releases/download/v2.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483004/; classtype:trojan-activity;sid:84346104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483005)"; flow:established,from_client; content:"GET"; http_method; content:"/drippedpig/delta-executor/releases/download/1.8.6/delta.executor.1.8.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483005/; classtype:trojan-activity;sid:84346105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483006)"; flow:established,from_client; content:"GET"; http_method; content:"/alfroy/roblox-incognito/releases/download/v2.0/program.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483006/; classtype:trojan-activity;sid:84346106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483003/; classtype:trojan-activity;sid:84346103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.108.214.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483002/; classtype:trojan-activity;sid:84346102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483000/; classtype:trojan-activity;sid:84346100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.202.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483001/; classtype:trojan-activity;sid:84346101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482999/; classtype:trojan-activity;sid:84346099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.25.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482998/; classtype:trojan-activity;sid:84346098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.113.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482997/; classtype:trojan-activity;sid:84346097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.60.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482996/; classtype:trojan-activity;sid:84346096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.55.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482995/; classtype:trojan-activity;sid:84346095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.71.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482994/; classtype:trojan-activity;sid:84346094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482993/; classtype:trojan-activity;sid:84346093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.60.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482992/; classtype:trojan-activity;sid:84346092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.108.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482991/; classtype:trojan-activity;sid:84346091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.234.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482990/; classtype:trojan-activity;sid:84346090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.88.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482989/; classtype:trojan-activity;sid:84346089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.46.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482988/; classtype:trojan-activity;sid:84346088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.67.0.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482987/; classtype:trojan-activity;sid:84346087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.191.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482985/; classtype:trojan-activity;sid:84346085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.181.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482986/; classtype:trojan-activity;sid:84346086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482984/; classtype:trojan-activity;sid:84346084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.202.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482983/; classtype:trojan-activity;sid:84346083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482982/; classtype:trojan-activity;sid:84346082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.130.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482981/; classtype:trojan-activity;sid:84346081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.67.62.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482980/; classtype:trojan-activity;sid:84346080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.240.99.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482979/; classtype:trojan-activity;sid:84346079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.71.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482978/; classtype:trojan-activity;sid:84346078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.159.168.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482977/; classtype:trojan-activity;sid:84346077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482976)"; flow:established,from_client; content:"GET"; http_method; content:"/eetmxs2utx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482976/; classtype:trojan-activity;sid:84346076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482975/; classtype:trojan-activity;sid:84346075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.179.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482974/; classtype:trojan-activity;sid:84346074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482973/; classtype:trojan-activity;sid:84346073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482972/; classtype:trojan-activity;sid:84346072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.105.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482971/; classtype:trojan-activity;sid:84346071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.214.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482970/; classtype:trojan-activity;sid:84346070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.67.0.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482969/; classtype:trojan-activity;sid:84346069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.117.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482968/; classtype:trojan-activity;sid:84346068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.140.81.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482967/; classtype:trojan-activity;sid:84346067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.240.99.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482966/; classtype:trojan-activity;sid:84346066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.3.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482965/; classtype:trojan-activity;sid:84346065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.234.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482964/; classtype:trojan-activity;sid:84346064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.130.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482963/; classtype:trojan-activity;sid:84346063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.214.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482962/; classtype:trojan-activity;sid:84346062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.127.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482961/; classtype:trojan-activity;sid:84346061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482960/; classtype:trojan-activity;sid:84346060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482959/; classtype:trojan-activity;sid:84346059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482958/; classtype:trojan-activity;sid:84346058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482957/; classtype:trojan-activity;sid:84346057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.117.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482956/; classtype:trojan-activity;sid:84346056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.210.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482955/; classtype:trojan-activity;sid:84346055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.189.78.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482954/; classtype:trojan-activity;sid:84346054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.88.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482953/; classtype:trojan-activity;sid:84346053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.232.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482952/; classtype:trojan-activity;sid:84346052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.3.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482951/; classtype:trojan-activity;sid:84346051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482950/; classtype:trojan-activity;sid:84346050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.234.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482949/; classtype:trojan-activity;sid:84346049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.47.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482948/; classtype:trojan-activity;sid:84346048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482947/; classtype:trojan-activity;sid:84346047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.3.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482946/; classtype:trojan-activity;sid:84346046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482945/; classtype:trojan-activity;sid:84346045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482944)"; flow:established,from_client; content:"GET"; http_method; content:"/3ca9v4pus6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482944/; classtype:trojan-activity;sid:84346044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.216.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482943/; classtype:trojan-activity;sid:84346043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.127.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482942/; classtype:trojan-activity;sid:84346042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482941/; classtype:trojan-activity;sid:84346041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482940/; classtype:trojan-activity;sid:84346040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.140.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482939/; classtype:trojan-activity;sid:84346039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482938/; classtype:trojan-activity;sid:84346038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.137.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482937/; classtype:trojan-activity;sid:84346037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.117.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482936/; classtype:trojan-activity;sid:84346036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.156.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482935/; classtype:trojan-activity;sid:84346035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.189.78.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482934/; classtype:trojan-activity;sid:84346034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482933/; classtype:trojan-activity;sid:84346033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482932/; classtype:trojan-activity;sid:84346032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.99.162"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482931/; classtype:trojan-activity;sid:84346031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482930/; classtype:trojan-activity;sid:84346030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.9.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482929/; classtype:trojan-activity;sid:84346029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.244.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482928/; classtype:trojan-activity;sid:84346028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.173.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482927/; classtype:trojan-activity;sid:84346027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482926/; classtype:trojan-activity;sid:84346026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482925/; classtype:trojan-activity;sid:84346025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.23.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482924/; classtype:trojan-activity;sid:84346024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.216.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482922/; classtype:trojan-activity;sid:84346022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.140.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482923/; classtype:trojan-activity;sid:84346023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482921/; classtype:trojan-activity;sid:84346021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.242.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482920/; classtype:trojan-activity;sid:84346020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.61.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482919/; classtype:trojan-activity;sid:84346019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482918/; classtype:trojan-activity;sid:84346018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.233.203.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482917/; classtype:trojan-activity;sid:84346017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482915/; classtype:trojan-activity;sid:84346015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.8.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482916/; classtype:trojan-activity;sid:84346016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482914/; classtype:trojan-activity;sid:84346014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.46.86.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482913/; classtype:trojan-activity;sid:84346013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482912/; classtype:trojan-activity;sid:84346012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482911/; classtype:trojan-activity;sid:84346011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.57.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482909/; classtype:trojan-activity;sid:84346009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.161.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482910/; classtype:trojan-activity;sid:84346010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.106.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482908/; classtype:trojan-activity;sid:84346008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.138.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482906/; classtype:trojan-activity;sid:84346006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.27.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482907/; classtype:trojan-activity;sid:84346007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.83.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482903/; classtype:trojan-activity;sid:84346003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482904/; classtype:trojan-activity;sid:84346004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482905/; classtype:trojan-activity;sid:84346005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482902/; classtype:trojan-activity;sid:84346002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.177.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482900/; classtype:trojan-activity;sid:84346000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.55.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482901/; classtype:trojan-activity;sid:84346001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.119.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482899/; classtype:trojan-activity;sid:84345999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.188.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482897/; classtype:trojan-activity;sid:84345997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482898/; classtype:trojan-activity;sid:84345998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.19.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482896/; classtype:trojan-activity;sid:84345996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482895/; classtype:trojan-activity;sid:84345995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.60.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482894/; classtype:trojan-activity;sid:84345994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.43.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482893/; classtype:trojan-activity;sid:84345993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.46.86.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482892/; classtype:trojan-activity;sid:84345992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482891/; classtype:trojan-activity;sid:84345991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.79.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482890/; classtype:trojan-activity;sid:84345990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.66.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482889/; classtype:trojan-activity;sid:84345989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.242.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482888/; classtype:trojan-activity;sid:84345988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.77.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482887/; classtype:trojan-activity;sid:84345987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.119.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482885/; classtype:trojan-activity;sid:84345985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482886/; classtype:trojan-activity;sid:84345986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482884)"; flow:established,from_client; content:"GET"; http_method; content:"/y73131ncau.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482884/; classtype:trojan-activity;sid:84345984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.228.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482883/; classtype:trojan-activity;sid:84345983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.47.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482882/; classtype:trojan-activity;sid:84345982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482881/; classtype:trojan-activity;sid:84345981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482880/; classtype:trojan-activity;sid:84345980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.8.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482879/; classtype:trojan-activity;sid:84345979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.188.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482878/; classtype:trojan-activity;sid:84345978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482877/; classtype:trojan-activity;sid:84345977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482876/; classtype:trojan-activity;sid:84345976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.80.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482875/; classtype:trojan-activity;sid:84345975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.62.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482874/; classtype:trojan-activity;sid:84345974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.79.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482872/; classtype:trojan-activity;sid:84345972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482873/; classtype:trojan-activity;sid:84345973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.55.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482871/; classtype:trojan-activity;sid:84345971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.187.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482869/; classtype:trojan-activity;sid:84345969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.79.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482870/; classtype:trojan-activity;sid:84345970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.119.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482868/; classtype:trojan-activity;sid:84345968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.233.203.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482867/; classtype:trojan-activity;sid:84345967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.172.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482866/; classtype:trojan-activity;sid:84345966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.125.6.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482865/; classtype:trojan-activity;sid:84345965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.228.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482864/; classtype:trojan-activity;sid:84345964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482863/; classtype:trojan-activity;sid:84345963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.79.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482862/; classtype:trojan-activity;sid:84345962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.17.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482861/; classtype:trojan-activity;sid:84345961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.80.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482860/; classtype:trojan-activity;sid:84345960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482859/; classtype:trojan-activity;sid:84345959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482858/; classtype:trojan-activity;sid:84345958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482857/; classtype:trojan-activity;sid:84345957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482855/; classtype:trojan-activity;sid:84345955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.37.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482856/; classtype:trojan-activity;sid:84345956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482854)"; flow:established,from_client; content:"GET"; http_method; content:"/7yb8f9ejbt.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482854/; classtype:trojan-activity;sid:84345954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.125.6.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482853/; classtype:trojan-activity;sid:84345953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482852/; classtype:trojan-activity;sid:84345952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.224.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482851/; classtype:trojan-activity;sid:84345951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482850/; classtype:trojan-activity;sid:84345950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.99.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482849/; classtype:trojan-activity;sid:84345949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.142.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482848/; classtype:trojan-activity;sid:84345948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.1.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482847/; classtype:trojan-activity;sid:84345947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.198.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482846/; classtype:trojan-activity;sid:84345946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482845/; classtype:trojan-activity;sid:84345945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.36.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482844/; classtype:trojan-activity;sid:84345944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482843/; classtype:trojan-activity;sid:84345943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482842/; classtype:trojan-activity;sid:84345942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482841/; classtype:trojan-activity;sid:84345941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.198.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482840/; classtype:trojan-activity;sid:84345940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.186.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482839/; classtype:trojan-activity;sid:84345939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482838/; classtype:trojan-activity;sid:84345938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.1.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482837/; classtype:trojan-activity;sid:84345937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.251.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482836/; classtype:trojan-activity;sid:84345936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.36.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482835/; classtype:trojan-activity;sid:84345935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.215.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482834/; classtype:trojan-activity;sid:84345934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482833/; classtype:trojan-activity;sid:84345933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.10.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482832/; classtype:trojan-activity;sid:84345932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482831)"; flow:established,from_client; content:"GET"; http_method; content:"/c77ps81kdr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482831/; classtype:trojan-activity;sid:84345931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482830/; classtype:trojan-activity;sid:84345930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.21.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482829/; classtype:trojan-activity;sid:84345929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.251.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482828/; classtype:trojan-activity;sid:84345928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.215.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482827/; classtype:trojan-activity;sid:84345927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.177.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482826/; classtype:trojan-activity;sid:84345926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.61.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482825/; classtype:trojan-activity;sid:84345925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.79.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482823/; classtype:trojan-activity;sid:84345923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.178.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482824/; classtype:trojan-activity;sid:84345924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.95.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482822/; classtype:trojan-activity;sid:84345922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.215.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482821/; classtype:trojan-activity;sid:84345921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482820/; classtype:trojan-activity;sid:84345920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.7.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482819/; classtype:trojan-activity;sid:84345919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.47.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482815/; classtype:trojan-activity;sid:84345915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.206.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482816/; classtype:trojan-activity;sid:84345916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.124.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482817/; classtype:trojan-activity;sid:84345917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482818/; classtype:trojan-activity;sid:84345918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482813/; classtype:trojan-activity;sid:84345913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.244.73.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482814/; classtype:trojan-activity;sid:84345914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.156.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482812/; classtype:trojan-activity;sid:84345912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.200.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482811/; classtype:trojan-activity;sid:84345911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482806/; classtype:trojan-activity;sid:84345906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482807/; classtype:trojan-activity;sid:84345907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.98.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482808/; classtype:trojan-activity;sid:84345908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.195.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482809/; classtype:trojan-activity;sid:84345909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.95.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482810/; classtype:trojan-activity;sid:84345910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.62.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482805/; classtype:trojan-activity;sid:84345905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.60.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482804/; classtype:trojan-activity;sid:84345904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.239.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482801/; classtype:trojan-activity;sid:84345901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.198.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482802/; classtype:trojan-activity;sid:84345902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.198.85.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482803/; classtype:trojan-activity;sid:84345903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.231.153.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482800/; classtype:trojan-activity;sid:84345900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482799/; classtype:trojan-activity;sid:84345899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.165.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3482798/; classtype:trojan-activity;sid:84345898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482797/; classtype:trojan-activity;sid:84345897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.239.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482796/; classtype:trojan-activity;sid:84345896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482795)"; flow:established,from_client; content:"GET"; http_method; content:"/0giwmo3ahv.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482795/; classtype:trojan-activity;sid:84345895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482794/; classtype:trojan-activity;sid:84345894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482792/; classtype:trojan-activity;sid:84345892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.61.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482793/; classtype:trojan-activity;sid:84345893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482791/; classtype:trojan-activity;sid:84345891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482790/; classtype:trojan-activity;sid:84345890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482789/; classtype:trojan-activity;sid:84345889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.89.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482788/; classtype:trojan-activity;sid:84345888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482787/; classtype:trojan-activity;sid:84345887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.165.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482786/; classtype:trojan-activity;sid:84345886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.106.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482785/; classtype:trojan-activity;sid:84345885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482784/; classtype:trojan-activity;sid:84345884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482783/; classtype:trojan-activity;sid:84345883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.239.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482782/; classtype:trojan-activity;sid:84345882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482781/; classtype:trojan-activity;sid:84345881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482779/; classtype:trojan-activity;sid:84345879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.59.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482780/; classtype:trojan-activity;sid:84345880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.251.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482778/; classtype:trojan-activity;sid:84345878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.168.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482777/; classtype:trojan-activity;sid:84345877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.89.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482776/; classtype:trojan-activity;sid:84345876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482775/; classtype:trojan-activity;sid:84345875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.12.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482773/; classtype:trojan-activity;sid:84345873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.106.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482774/; classtype:trojan-activity;sid:84345874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.46.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482772/; classtype:trojan-activity;sid:84345872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.201.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482771/; classtype:trojan-activity;sid:84345871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.59.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482770/; classtype:trojan-activity;sid:84345870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.226.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482769/; classtype:trojan-activity;sid:84345869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.99.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482767/; classtype:trojan-activity;sid:84345867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482768/; classtype:trojan-activity;sid:84345868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.168.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482766/; classtype:trojan-activity;sid:84345866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.201.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482765/; classtype:trojan-activity;sid:84345865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.7.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482764/; classtype:trojan-activity;sid:84345864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482763)"; flow:established,from_client; content:"GET"; http_method; content:"/zblp6umber.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.anticsblooper.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482763/; classtype:trojan-activity;sid:84345863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.143.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482762/; classtype:trojan-activity;sid:84345862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.138.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482761/; classtype:trojan-activity;sid:84345861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.204.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482760/; classtype:trojan-activity;sid:84345860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.88.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482759/; classtype:trojan-activity;sid:84345859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482758/; classtype:trojan-activity;sid:84345858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.244.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482757/; classtype:trojan-activity;sid:84345857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.58.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482756/; classtype:trojan-activity;sid:84345856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.243.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482755/; classtype:trojan-activity;sid:84345855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.138.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482754/; classtype:trojan-activity;sid:84345854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.133.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482753/; classtype:trojan-activity;sid:84345853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.88.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482752/; classtype:trojan-activity;sid:84345852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.204.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482751/; classtype:trojan-activity;sid:84345851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.179.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482750/; classtype:trojan-activity;sid:84345850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482749/; classtype:trojan-activity;sid:84345849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482748)"; flow:established,from_client; content:"GET"; http_method; content:"/zwi7ev0nyh.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482748/; classtype:trojan-activity;sid:84345848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482747/; classtype:trojan-activity;sid:84345847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.133.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482746/; classtype:trojan-activity;sid:84345846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482745/; classtype:trojan-activity;sid:84345845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.226.26.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482742/; classtype:trojan-activity;sid:84345842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.46.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482743/; classtype:trojan-activity;sid:84345843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482744/; classtype:trojan-activity;sid:84345844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.67.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482741/; classtype:trojan-activity;sid:84345841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482740/; classtype:trojan-activity;sid:84345840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.21.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482739/; classtype:trojan-activity;sid:84345839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.55.179.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482738/; classtype:trojan-activity;sid:84345838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.244.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482737/; classtype:trojan-activity;sid:84345837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482736/; classtype:trojan-activity;sid:84345836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.119.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482735/; classtype:trojan-activity;sid:84345835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482734/; classtype:trojan-activity;sid:84345834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.48.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482733/; classtype:trojan-activity;sid:84345833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.173.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482732/; classtype:trojan-activity;sid:84345832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482731/; classtype:trojan-activity;sid:84345831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.150.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482730/; classtype:trojan-activity;sid:84345830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.67.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482729/; classtype:trojan-activity;sid:84345829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.132.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482728/; classtype:trojan-activity;sid:84345828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.21.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482727/; classtype:trojan-activity;sid:84345827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.238.145.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482726/; classtype:trojan-activity;sid:84345826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.204.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482725/; classtype:trojan-activity;sid:84345825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.211.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482723/; classtype:trojan-activity;sid:84345823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.98.38.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482724/; classtype:trojan-activity;sid:84345824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482722/; classtype:trojan-activity;sid:84345822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.104.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482721/; classtype:trojan-activity;sid:84345821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.130.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482720/; classtype:trojan-activity;sid:84345820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.74.120.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482717/; classtype:trojan-activity;sid:84345817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.209.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482718/; classtype:trojan-activity;sid:84345818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.88.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482719/; classtype:trojan-activity;sid:84345819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.190.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482716/; classtype:trojan-activity;sid:84345816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.92.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482715/; classtype:trojan-activity;sid:84345815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.15.10.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482714/; classtype:trojan-activity;sid:84345814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.10.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482713/; classtype:trojan-activity;sid:84345813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482712/; classtype:trojan-activity;sid:84345812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.48.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482711/; classtype:trojan-activity;sid:84345811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.0.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482710/; classtype:trojan-activity;sid:84345810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.150.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482709/; classtype:trojan-activity;sid:84345809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482708)"; flow:established,from_client; content:"GET"; http_method; content:"/bkysku6rlq.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482708/; classtype:trojan-activity;sid:84345808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.219.13.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482707/; classtype:trojan-activity;sid:84345807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.173.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482706/; classtype:trojan-activity;sid:84345806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.23.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482705/; classtype:trojan-activity;sid:84345805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.145.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482704/; classtype:trojan-activity;sid:84345804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.168.89.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482703/; classtype:trojan-activity;sid:84345803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.10.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482702/; classtype:trojan-activity;sid:84345802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.98.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482701/; classtype:trojan-activity;sid:84345801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482700/; classtype:trojan-activity;sid:84345800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482699)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.10.89"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482699/; classtype:trojan-activity;sid:84345799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.212.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482698/; classtype:trojan-activity;sid:84345798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.0.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482697/; classtype:trojan-activity;sid:84345797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.108.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482696/; classtype:trojan-activity;sid:84345796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.211.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482695/; classtype:trojan-activity;sid:84345795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.10.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482694/; classtype:trojan-activity;sid:84345794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.168.89.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482693/; classtype:trojan-activity;sid:84345793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482692/; classtype:trojan-activity;sid:84345792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482691/; classtype:trojan-activity;sid:84345791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482690)"; flow:established,from_client; content:"GET"; http_method; content:"/8c84b34t7a.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482690/; classtype:trojan-activity;sid:84345790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.46.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482689/; classtype:trojan-activity;sid:84345789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.211.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482688/; classtype:trojan-activity;sid:84345788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.236.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482687/; classtype:trojan-activity;sid:84345787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.108.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482686/; classtype:trojan-activity;sid:84345786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.33.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482685/; classtype:trojan-activity;sid:84345785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.160.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482684/; classtype:trojan-activity;sid:84345784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.181.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482682/; classtype:trojan-activity;sid:84345782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482683/; classtype:trojan-activity;sid:84345783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482681/; classtype:trojan-activity;sid:84345781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482680/; classtype:trojan-activity;sid:84345780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482679/; classtype:trojan-activity;sid:84345779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482678/; classtype:trojan-activity;sid:84345778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482676/; classtype:trojan-activity;sid:84345776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.13.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482677/; classtype:trojan-activity;sid:84345777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482675)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.asiu4.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482675/; classtype:trojan-activity;sid:84345775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.33.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482674/; classtype:trojan-activity;sid:84345774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.31.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482673/; classtype:trojan-activity;sid:84345773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.64.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482671/; classtype:trojan-activity;sid:84345771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482672/; classtype:trojan-activity;sid:84345772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.4.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482669/; classtype:trojan-activity;sid:84345769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.153.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482670/; classtype:trojan-activity;sid:84345770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.181.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482668/; classtype:trojan-activity;sid:84345768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.163.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482667/; classtype:trojan-activity;sid:84345767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482666/; classtype:trojan-activity;sid:84345766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482665/; classtype:trojan-activity;sid:84345765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.69.158.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482664/; classtype:trojan-activity;sid:84345764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.93.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482663/; classtype:trojan-activity;sid:84345763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482662/; classtype:trojan-activity;sid:84345762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482661)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482661/; classtype:trojan-activity;sid:84345761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482660)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482660/; classtype:trojan-activity;sid:84345760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482658)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482658/; classtype:trojan-activity;sid:84345758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482659)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482659/; classtype:trojan-activity;sid:84345759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.188.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482657/; classtype:trojan-activity;sid:84345757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482649)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.115.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482649/; classtype:trojan-activity;sid:84345749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482650)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482650/; classtype:trojan-activity;sid:84345750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482651)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.115.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482651/; classtype:trojan-activity;sid:84345751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482652)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482652/; classtype:trojan-activity;sid:84345752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482653)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482653/; classtype:trojan-activity;sid:84345753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482654)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482654/; classtype:trojan-activity;sid:84345754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482655)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482655/; classtype:trojan-activity;sid:84345755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482656)"; flow:established,from_client; content:"GET"; http_method; content:"/jkse.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.81.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482656/; classtype:trojan-activity;sid:84345756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.40.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482648/; classtype:trojan-activity;sid:84345748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.13.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482647/; classtype:trojan-activity;sid:84345747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482646)"; flow:established,from_client; content:"GET"; http_method; content:"/vuwmlayati.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482646/; classtype:trojan-activity;sid:84345746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.121.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482645/; classtype:trojan-activity;sid:84345745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.69.158.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482644/; classtype:trojan-activity;sid:84345744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482643/; classtype:trojan-activity;sid:84345743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.93.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482642/; classtype:trojan-activity;sid:84345742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.118.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482641/; classtype:trojan-activity;sid:84345741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.148.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482640/; classtype:trojan-activity;sid:84345740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.40.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482639/; classtype:trojan-activity;sid:84345739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.31.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482638/; classtype:trojan-activity;sid:84345738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.204.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482637/; classtype:trojan-activity;sid:84345737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482636/; classtype:trojan-activity;sid:84345736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.187.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482635/; classtype:trojan-activity;sid:84345735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482634)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482634/; classtype:trojan-activity;sid:84345734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482623)"; flow:established,from_client; content:"GET"; http_method; content:"/bj"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482623/; classtype:trojan-activity;sid:84345723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482624)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482624/; classtype:trojan-activity;sid:84345724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482625)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482625/; classtype:trojan-activity;sid:84345725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482626)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482626/; classtype:trojan-activity;sid:84345726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482627)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482627/; classtype:trojan-activity;sid:84345727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482628)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482628/; classtype:trojan-activity;sid:84345728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482629)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482629/; classtype:trojan-activity;sid:84345729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482630)"; flow:established,from_client; content:"GET"; http_method; content:"/wop"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482630/; classtype:trojan-activity;sid:84345730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482631)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482631/; classtype:trojan-activity;sid:84345731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482632)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482632/; classtype:trojan-activity;sid:84345732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482633)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482633/; classtype:trojan-activity;sid:84345733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482593)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482593/; classtype:trojan-activity;sid:84345693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482594)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482594/; classtype:trojan-activity;sid:84345694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482595)"; flow:established,from_client; content:"GET"; http_method; content:"/pdvr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482595/; classtype:trojan-activity;sid:84345695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482596)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482596/; classtype:trojan-activity;sid:84345696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482597)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482597/; classtype:trojan-activity;sid:84345697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482598)"; flow:established,from_client; content:"GET"; http_method; content:"/brr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482598/; classtype:trojan-activity;sid:84345698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482599)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482599/; classtype:trojan-activity;sid:84345699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482600)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482600/; classtype:trojan-activity;sid:84345700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482601)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482601/; classtype:trojan-activity;sid:84345701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482602)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482602/; classtype:trojan-activity;sid:84345702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482603)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482603/; classtype:trojan-activity;sid:84345703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482604)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482604/; classtype:trojan-activity;sid:84345704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482605)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482605/; classtype:trojan-activity;sid:84345705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482606)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482606/; classtype:trojan-activity;sid:84345706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482607)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482607/; classtype:trojan-activity;sid:84345707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482608)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482608/; classtype:trojan-activity;sid:84345708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482609)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482609/; classtype:trojan-activity;sid:84345709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482610)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482610/; classtype:trojan-activity;sid:84345710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482611)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482611/; classtype:trojan-activity;sid:84345711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482612)"; flow:established,from_client; content:"GET"; http_method; content:"/gi"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482612/; classtype:trojan-activity;sid:84345712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482613)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482613/; classtype:trojan-activity;sid:84345713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482614)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482614/; classtype:trojan-activity;sid:84345714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482615)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482615/; classtype:trojan-activity;sid:84345715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482616)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482616/; classtype:trojan-activity;sid:84345716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482617)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482617/; classtype:trojan-activity;sid:84345717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482618)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482618/; classtype:trojan-activity;sid:84345718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482619)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482619/; classtype:trojan-activity;sid:84345719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482620)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482620/; classtype:trojan-activity;sid:84345720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482621)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482621/; classtype:trojan-activity;sid:84345721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482622)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482622/; classtype:trojan-activity;sid:84345722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482587)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482587/; classtype:trojan-activity;sid:84345687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482588)"; flow:established,from_client; content:"GET"; http_method; content:"/ah"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482588/; classtype:trojan-activity;sid:84345688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482589)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482589/; classtype:trojan-activity;sid:84345689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482590)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482590/; classtype:trojan-activity;sid:84345690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482591)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482591/; classtype:trojan-activity;sid:84345691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482592)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482592/; classtype:trojan-activity;sid:84345692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482579)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482579/; classtype:trojan-activity;sid:84345679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482580)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482580/; classtype:trojan-activity;sid:84345680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482581)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482581/; classtype:trojan-activity;sid:84345681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482582)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482582/; classtype:trojan-activity;sid:84345682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482583)"; flow:established,from_client; content:"GET"; http_method; content:"/wert"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482583/; classtype:trojan-activity;sid:84345683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482584)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482584/; classtype:trojan-activity;sid:84345684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482585)"; flow:established,from_client; content:"GET"; http_method; content:"/we"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482585/; classtype:trojan-activity;sid:84345685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482586)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482586/; classtype:trojan-activity;sid:84345686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482547)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482547/; classtype:trojan-activity;sid:84345647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482548)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482548/; classtype:trojan-activity;sid:84345648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482549)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482549/; classtype:trojan-activity;sid:84345649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482550)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482550/; classtype:trojan-activity;sid:84345650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482551)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482551/; classtype:trojan-activity;sid:84345651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482552)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482552/; classtype:trojan-activity;sid:84345652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482553)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482553/; classtype:trojan-activity;sid:84345653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482554)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482554/; classtype:trojan-activity;sid:84345654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482555)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482555/; classtype:trojan-activity;sid:84345655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482556)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482556/; classtype:trojan-activity;sid:84345656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482557)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482557/; classtype:trojan-activity;sid:84345657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482558)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482558/; classtype:trojan-activity;sid:84345658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482559)"; flow:established,from_client; content:"GET"; http_method; content:"/irn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482559/; classtype:trojan-activity;sid:84345659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482560)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482560/; classtype:trojan-activity;sid:84345660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482561)"; flow:established,from_client; content:"GET"; http_method; content:"/tr"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482561/; classtype:trojan-activity;sid:84345661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482562)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482562/; classtype:trojan-activity;sid:84345662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482563)"; flow:established,from_client; content:"GET"; http_method; content:"/zxc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482563/; classtype:trojan-activity;sid:84345663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482564)"; flow:established,from_client; content:"GET"; http_method; content:"/chomp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482564/; classtype:trojan-activity;sid:84345664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482565)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482565/; classtype:trojan-activity;sid:84345665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482566)"; flow:established,from_client; content:"GET"; http_method; content:"/gig.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482566/; classtype:trojan-activity;sid:84345666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482567)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482567/; classtype:trojan-activity;sid:84345667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482568)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482568/; classtype:trojan-activity;sid:84345668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482569)"; flow:established,from_client; content:"GET"; http_method; content:"/buf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482569/; classtype:trojan-activity;sid:84345669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482570)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482570/; classtype:trojan-activity;sid:84345670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482571)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482571/; classtype:trojan-activity;sid:84345671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482572)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482572/; classtype:trojan-activity;sid:84345672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482573)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482573/; classtype:trojan-activity;sid:84345673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482574)"; flow:established,from_client; content:"GET"; http_method; content:"/phi.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482574/; classtype:trojan-activity;sid:84345674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482575)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482575/; classtype:trojan-activity;sid:84345675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482576)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482576/; classtype:trojan-activity;sid:84345676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482577)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482577/; classtype:trojan-activity;sid:84345677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482578)"; flow:established,from_client; content:"GET"; http_method; content:"/n3881.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.70.94.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482578/; classtype:trojan-activity;sid:84345678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.31.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482546/; classtype:trojan-activity;sid:84345646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.204.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482545/; classtype:trojan-activity;sid:84345645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.135.249.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482544/; classtype:trojan-activity;sid:84345644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.95.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482543/; classtype:trojan-activity;sid:84345643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.187.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482542/; classtype:trojan-activity;sid:84345642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482540/; classtype:trojan-activity;sid:84345640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482541)"; flow:established,from_client; content:"GET"; http_method; content:"/ffh03uz361.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482541/; classtype:trojan-activity;sid:84345641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.170.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482539/; classtype:trojan-activity;sid:84345639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.159.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482538/; classtype:trojan-activity;sid:84345638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482537/; classtype:trojan-activity;sid:84345637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482536/; classtype:trojan-activity;sid:84345636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482535/; classtype:trojan-activity;sid:84345635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482534/; classtype:trojan-activity;sid:84345634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.138.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482533/; classtype:trojan-activity;sid:84345633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.170.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482532/; classtype:trojan-activity;sid:84345632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.24.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482531/; classtype:trojan-activity;sid:84345631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482530)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482530/; classtype:trojan-activity;sid:84345630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482529)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482529/; classtype:trojan-activity;sid:84345629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482528)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482528/; classtype:trojan-activity;sid:84345628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482504)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482504/; classtype:trojan-activity;sid:84345604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482505)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482505/; classtype:trojan-activity;sid:84345605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482506)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482506/; classtype:trojan-activity;sid:84345606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482507)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482507/; classtype:trojan-activity;sid:84345607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482508)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482508/; classtype:trojan-activity;sid:84345608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482509)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482509/; classtype:trojan-activity;sid:84345609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482510)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482510/; classtype:trojan-activity;sid:84345610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482511)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482511/; classtype:trojan-activity;sid:84345611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482512)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482512/; classtype:trojan-activity;sid:84345612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482513)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482513/; classtype:trojan-activity;sid:84345613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482514)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482514/; classtype:trojan-activity;sid:84345614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482515)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482515/; classtype:trojan-activity;sid:84345615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482516)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482516/; classtype:trojan-activity;sid:84345616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482517)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482517/; classtype:trojan-activity;sid:84345617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482518)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482518/; classtype:trojan-activity;sid:84345618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482519)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482519/; classtype:trojan-activity;sid:84345619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482520)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482520/; classtype:trojan-activity;sid:84345620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482521)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482521/; classtype:trojan-activity;sid:84345621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482522)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482522/; classtype:trojan-activity;sid:84345622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482523)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482523/; classtype:trojan-activity;sid:84345623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482524)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482524/; classtype:trojan-activity;sid:84345624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482525)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482525/; classtype:trojan-activity;sid:84345625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482526)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482526/; classtype:trojan-activity;sid:84345626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482527)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482527/; classtype:trojan-activity;sid:84345627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482488)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482488/; classtype:trojan-activity;sid:84345588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482489)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482489/; classtype:trojan-activity;sid:84345589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482490)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482490/; classtype:trojan-activity;sid:84345590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482491)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482491/; classtype:trojan-activity;sid:84345591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482492)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482492/; classtype:trojan-activity;sid:84345592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482493)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482493/; classtype:trojan-activity;sid:84345593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482494)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482494/; classtype:trojan-activity;sid:84345594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482495)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482495/; classtype:trojan-activity;sid:84345595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482496)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482496/; classtype:trojan-activity;sid:84345596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482497)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482497/; classtype:trojan-activity;sid:84345597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482498)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482498/; classtype:trojan-activity;sid:84345598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482499)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482499/; classtype:trojan-activity;sid:84345599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482500)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"comwebdisk.webprocediweb.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482500/; classtype:trojan-activity;sid:84345600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482501)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482501/; classtype:trojan-activity;sid:84345601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482502)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482502/; classtype:trojan-activity;sid:84345602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482503)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webdisk.webprocediweb.comwebdisk.webprocediweb.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482503/; classtype:trojan-activity;sid:84345603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.244.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482487/; classtype:trojan-activity;sid:84345587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.67.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482486/; classtype:trojan-activity;sid:84345586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.101.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482485/; classtype:trojan-activity;sid:84345585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.153.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482484/; classtype:trojan-activity;sid:84345584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.24.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482483/; classtype:trojan-activity;sid:84345583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.96.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482482/; classtype:trojan-activity;sid:84345582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.165.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482480/; classtype:trojan-activity;sid:84345580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482479)"; flow:established,from_client; content:"GET"; http_method; content:"/eqheu0cncxuzk0yc.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"checkit-v3.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482479/; classtype:trojan-activity;sid:84345579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482478)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"checkit-v3.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482478/; classtype:trojan-activity;sid:84345578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482477)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.guestidreviews.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482477/; classtype:trojan-activity;sid:84345577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482476)"; flow:established,from_client; content:"GET"; http_method; content:"/1c3y0a2oob.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482476/; classtype:trojan-activity;sid:84345576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.121.73.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482475/; classtype:trojan-activity;sid:84345575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.174.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482474/; classtype:trojan-activity;sid:84345574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.92.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482473/; classtype:trojan-activity;sid:84345573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.226.26.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482472/; classtype:trojan-activity;sid:84345572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482471/; classtype:trojan-activity;sid:84345571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.236.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482470/; classtype:trojan-activity;sid:84345570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.153.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482469/; classtype:trojan-activity;sid:84345569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482468/; classtype:trojan-activity;sid:84345568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.95.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482467/; classtype:trojan-activity;sid:84345567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.92.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482466/; classtype:trojan-activity;sid:84345566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482465/; classtype:trojan-activity;sid:84345565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482464/; classtype:trojan-activity;sid:84345564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.95.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482463/; classtype:trojan-activity;sid:84345563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.42.45.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482462/; classtype:trojan-activity;sid:84345562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.67.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482461/; classtype:trojan-activity;sid:84345561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482460/; classtype:trojan-activity;sid:84345560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.227.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482459/; classtype:trojan-activity;sid:84345559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.121.73.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482458/; classtype:trojan-activity;sid:84345558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482457/; classtype:trojan-activity;sid:84345557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482456)"; flow:established,from_client; content:"GET"; http_method; content:"/8gfevjfknw.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482456/; classtype:trojan-activity;sid:84345556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.146.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482455/; classtype:trojan-activity;sid:84345555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.112.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482453/; classtype:trojan-activity;sid:84345553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.142.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482454/; classtype:trojan-activity;sid:84345554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.171.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482452/; classtype:trojan-activity;sid:84345552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.146.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482451/; classtype:trojan-activity;sid:84345551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.110.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482450/; classtype:trojan-activity;sid:84345550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.29.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482449/; classtype:trojan-activity;sid:84345549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.207.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482448/; classtype:trojan-activity;sid:84345548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.29.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482447/; classtype:trojan-activity;sid:84345547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.36.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482446/; classtype:trojan-activity;sid:84345546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.17.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482445/; classtype:trojan-activity;sid:84345545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482443/; classtype:trojan-activity;sid:84345543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.49.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482444/; classtype:trojan-activity;sid:84345544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.235.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482442/; classtype:trojan-activity;sid:84345542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482441/; classtype:trojan-activity;sid:84345541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.196.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482440/; classtype:trojan-activity;sid:84345540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482439/; classtype:trojan-activity;sid:84345539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.178.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482438/; classtype:trojan-activity;sid:84345538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482437)"; flow:established,from_client; content:"GET"; http_method; content:"/cct9h38bn0.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482437/; classtype:trojan-activity;sid:84345537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482436/; classtype:trojan-activity;sid:84345536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.102.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482434/; classtype:trojan-activity;sid:84345534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.110.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482435/; classtype:trojan-activity;sid:84345535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482433/; classtype:trojan-activity;sid:84345533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.36.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482432/; classtype:trojan-activity;sid:84345532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482431/; classtype:trojan-activity;sid:84345531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.234.248.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482430/; classtype:trojan-activity;sid:84345530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.235.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482429/; classtype:trojan-activity;sid:84345529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.49.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482428/; classtype:trojan-activity;sid:84345528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.191.242.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482427/; classtype:trojan-activity;sid:84345527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482426/; classtype:trojan-activity;sid:84345526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482425/; classtype:trojan-activity;sid:84345525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482424)"; flow:established,from_client; content:"GET"; http_method; content:"/unipessoallda/factura/blob/main/fa-43-03-2025.jar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482424/; classtype:trojan-activity;sid:84345524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.119.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482423/; classtype:trojan-activity;sid:84345523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482422/; classtype:trojan-activity;sid:84345522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.0.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482421/; classtype:trojan-activity;sid:84345521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.170.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482420/; classtype:trojan-activity;sid:84345520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482419/; classtype:trojan-activity;sid:84345519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.6.41.155"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482418/; classtype:trojan-activity;sid:84345518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.134.254.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482417/; classtype:trojan-activity;sid:84345517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.17.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482416/; classtype:trojan-activity;sid:84345516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.33.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482412/; classtype:trojan-activity;sid:84345512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.213.179.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482413/; classtype:trojan-activity;sid:84345513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.230.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482414/; classtype:trojan-activity;sid:84345514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482415/; classtype:trojan-activity;sid:84345515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482411)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.71.227.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482411/; classtype:trojan-activity;sid:84345511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.191.242.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482410/; classtype:trojan-activity;sid:84345510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.6.91.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482409/; classtype:trojan-activity;sid:84345509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.5.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482408/; classtype:trojan-activity;sid:84345508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.234.248.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482407/; classtype:trojan-activity;sid:84345507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.0.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482406/; classtype:trojan-activity;sid:84345506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.225.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482405/; classtype:trojan-activity;sid:84345505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482404)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmlxlsubfl4mgcwlefwy3r0z0h7l8glqrp2pp15dg1vbwzn1iufjet4l7svyh_mq3rhucu2sypbdfblbphub0ahvkf2lylwr7di-nj0smlrw7i_2kfv3srnich4wafkvt_ery6u53kpz0rycipnycnfy/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc2a7099e166caf453013549b34f.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482404/; classtype:trojan-activity;sid:84345504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482403)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cmj_1xx_yqonv8piuyshyz-xdi3wuwt0p48jq1pznildtononfifuefk-aartuhnduzid6ha8cuvemtjdofyocvqrza74ipojcikzy3hc-6mlhhvnbmpqiuw5ajssyrl03wuc12vavmvx5q9kdpzazks/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"ucedcc3e7de81b2d28ef97859138.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482403/; classtype:trojan-activity;sid:84345503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.212.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482402/; classtype:trojan-activity;sid:84345502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.134.254.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482401/; classtype:trojan-activity;sid:84345501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482400/; classtype:trojan-activity;sid:84345500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482399)"; flow:established,from_client; content:"GET"; http_method; content:"/9pnq8dt46t.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482399/; classtype:trojan-activity;sid:84345499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.10.117.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482398/; classtype:trojan-activity;sid:84345498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.5.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482397/; classtype:trojan-activity;sid:84345497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.34.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482396/; classtype:trojan-activity;sid:84345496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482395/; classtype:trojan-activity;sid:84345495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.15.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482394/; classtype:trojan-activity;sid:84345494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.225.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482393/; classtype:trojan-activity;sid:84345493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482391)"; flow:established,from_client; content:"GET"; http_method; content:"/download_macos/tradingview.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www.masterplusservices.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482391/; classtype:trojan-activity;sid:84345491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.144.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482390/; classtype:trojan-activity;sid:84345490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.74.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482388/; classtype:trojan-activity;sid:84345488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482389/; classtype:trojan-activity;sid:84345489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.15.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482387/; classtype:trojan-activity;sid:84345487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482386)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/build22.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482386/; classtype:trojan-activity;sid:84345486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482377)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/xen.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482377/; classtype:trojan-activity;sid:84345477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482378)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/xclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482378/; classtype:trojan-activity;sid:84345478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482379)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/vik.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482379/; classtype:trojan-activity;sid:84345479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482380)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/muhk.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482380/; classtype:trojan-activity;sid:84345480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482381)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/cozyrem2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482381/; classtype:trojan-activity;sid:84345481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482382)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/donorigin.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482382/; classtype:trojan-activity;sid:84345482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482383)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/guybin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482383/; classtype:trojan-activity;sid:84345483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482384)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/yg.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482384/; classtype:trojan-activity;sid:84345484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.74.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482385/; classtype:trojan-activity;sid:84345485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482374)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/kim.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482374/; classtype:trojan-activity;sid:84345474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482375)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/steph.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482375/; classtype:trojan-activity;sid:84345475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482376)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/mukk.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482376/; classtype:trojan-activity;sid:84345476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482372)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/cooperbuild34.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482372/; classtype:trojan-activity;sid:84345472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482373)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/originnewwww.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482373/; classtype:trojan-activity;sid:84345473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.130.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482371/; classtype:trojan-activity;sid:84345471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482370)"; flow:established,from_client; content:"GET"; http_method; content:"/hsn-cmcsa/wave-executor/releases/download/3.2.1/wave-executor-v3.2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482370/; classtype:trojan-activity;sid:84345470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482349)"; flow:established,from_client; content:"GET"; http_method; content:"/burnx1/scrivener-cracked/releases/download/v1.4.2-alpha.3/scrivener-cracked-v1.4.2-alpha.3.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482349/; classtype:trojan-activity;sid:84345449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482350)"; flow:established,from_client; content:"GET"; http_method; content:"/poopman555/spotify-music-recommendation-system/releases/download/v1.0/release.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482350/; classtype:trojan-activity;sid:84345450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482351)"; flow:established,from_client; content:"GET"; http_method; content:"/jairus69/windows-tubemate-cracked/releases/download/olympiad/windowstubemateolympiad.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482351/; classtype:trojan-activity;sid:84345451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482352)"; flow:established,from_client; content:"GET"; http_method; content:"/slayvera/codex-roblox/releases/download/1.1.4/codex.roblox.1.1.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482352/; classtype:trojan-activity;sid:84345452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482353)"; flow:established,from_client; content:"GET"; http_method; content:"/bijoychandrowdas/roblox-scriptify/releases/download/v1.3.2/roblox.scriptify.v1.3.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482353/; classtype:trojan-activity;sid:84345453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482354)"; flow:established,from_client; content:"GET"; http_method; content:"/rissendg/noteburner-spotify-music-converter-crack/releases/download/3.4.7/noteburner-spotify-music-converter-crack-3-4-7.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482354/; classtype:trojan-activity;sid:84345454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482355)"; flow:established,from_client; content:"GET"; http_method; content:"/viniciustechnology/xeno-executor/releases/download/observance/release.observance.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482355/; classtype:trojan-activity;sid:84345455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482356)"; flow:established,from_client; content:"GET"; http_method; content:"/eriny22/delta-executor/releases/download/2.6.4/delta.executor.2.6.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482356/; classtype:trojan-activity;sid:84345456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482357)"; flow:established,from_client; content:"GET"; http_method; content:"/karolkoppe/roblox-moon/releases/download/communalistic/release.communalistic.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482357/; classtype:trojan-activity;sid:84345457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482358)"; flow:established,from_client; content:"GET"; http_method; content:"/alicoban123/roblox-fisch-script/releases/download/v3.1.4/roblox-fisch-script-v3.1.4.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482358/; classtype:trojan-activity;sid:84345458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482359)"; flow:established,from_client; content:"GET"; http_method; content:"/hoangho0311/serif-affinity-designer-cracked/releases/download/v2.5.5/serif-affinity-designer-cracked-v2.5.5.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482359/; classtype:trojan-activity;sid:84345459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482361)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvain45/spotify-premium-for-free-2025/releases/download/1.4.1/spotify-premium-free-2025-v1.4.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482361/; classtype:trojan-activity;sid:84345461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482362)"; flow:established,from_client; content:"GET"; http_method; content:"/3t3rnal9/guitar-pro-cracked/releases/download/2.0.8/guitar-pro-cracked-2.0.8.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482362/; classtype:trojan-activity;sid:84345462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482363)"; flow:established,from_client; content:"GET"; http_method; content:"/dhruvikp218/wave-executor-2025/releases/download/3.7.0/waveexecutor2025-v3.7.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482363/; classtype:trojan-activity;sid:84345463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482364)"; flow:established,from_client; content:"GET"; http_method; content:"/galsamy/anymp4-video-converter-cracked/releases/download/3.7.5/anymp4.3.7.5.video.converter.cracked.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482364/; classtype:trojan-activity;sid:84345464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482365)"; flow:established,from_client; content:"GET"; http_method; content:"/navenraam/capture-one-pro-cracked/releases/download/v2.9.5-beta.2/capture-one-pro-cracked-v2.9.5-beta.2.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482365/; classtype:trojan-activity;sid:84345465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482366)"; flow:established,from_client; content:"GET"; http_method; content:"/lafuma020613/roblox-fisch-script/releases/download/v2.6.5/release.v2.6.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482366/; classtype:trojan-activity;sid:84345466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482369)"; flow:established,from_client; content:"GET"; http_method; content:"/emmanuelmr45/delta-executor/releases/download/1.1.7-alpha.1/delta.executor.1.1.7.alpha.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482369/; classtype:trojan-activity;sid:84345469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482333)"; flow:established,from_client; content:"GET"; http_method; content:"/k4tuu/roblox-faxi-macro/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482333/; classtype:trojan-activity;sid:84345433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482334)"; flow:established,from_client; content:"GET"; http_method; content:"/dragonsoul96/spotify-premium-for-free-2025/releases/download/funk/spotify-premium-for-free-2025-funk.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482334/; classtype:trojan-activity;sid:84345434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482335)"; flow:established,from_client; content:"GET"; http_method; content:"/genxxen/swift-executor/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482335/; classtype:trojan-activity;sid:84345435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482336)"; flow:established,from_client; content:"GET"; http_method; content:"/gacontb97/spotify-playlist-downloader/releases/download/v3.0.4/spotify-playlist-downloader-v3.0.4.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482336/; classtype:trojan-activity;sid:84345436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482337)"; flow:established,from_client; content:"GET"; http_method; content:"/elrambeee/winzip-driver-updater-cracked/releases/download/forelock/winzip.driver.updater.cracked.forelock.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482337/; classtype:trojan-activity;sid:84345437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482338)"; flow:established,from_client; content:"GET"; http_method; content:"/rehkhan-dev/delta-executor/releases/download/1.1.3/deltaexecutor-1.1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482338/; classtype:trojan-activity;sid:84345438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482339)"; flow:established,from_client; content:"GET"; http_method; content:"/jeand03/celex-executor/releases/download/1.4.3/celex.executor.1.4.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482339/; classtype:trojan-activity;sid:84345439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482340)"; flow:established,from_client; content:"GET"; http_method; content:"/xavier69-alt/iobit-smart-defrag-pro-cracked/releases/download/1.5.8/iobit.smart.defrag.pro.cracked.v1.5.8.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482340/; classtype:trojan-activity;sid:84345440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482341)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowfeargithub/roblox-multi-instance/releases/download/1.9.5-alpha.4/roblox.multi.instance.1.9.5.alpha.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482341/; classtype:trojan-activity;sid:84345441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482342)"; flow:established,from_client; content:"GET"; http_method; content:"/webweb33/delta-executor/releases/download/v2.0.0/deltavision.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482342/; classtype:trojan-activity;sid:84345442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482343)"; flow:established,from_client; content:"GET"; http_method; content:"/neffriana/swift-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482343/; classtype:trojan-activity;sid:84345443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482344)"; flow:established,from_client; content:"GET"; http_method; content:"/archit-batham/nexus-roblox/releases/download/1.0.2/nexus-roblox-v1.0.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482344/; classtype:trojan-activity;sid:84345444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482345)"; flow:established,from_client; content:"GET"; http_method; content:"/dahoodmans/spotify-music-recommender/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482345/; classtype:trojan-activity;sid:84345445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482346)"; flow:established,from_client; content:"GET"; http_method; content:"/myklass911/luna-executor/releases/download/v3.8.9/luna-executor_v3.8.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482346/; classtype:trojan-activity;sid:84345446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482347)"; flow:established,from_client; content:"GET"; http_method; content:"/silvazada7/roblox-fisch-script/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482347/; classtype:trojan-activity;sid:84345447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482348)"; flow:established,from_client; content:"GET"; http_method; content:"/nader-bmh/fluxus-roblox-executor/releases/download/v3.8.2/monotone.harmony.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482348/; classtype:trojan-activity;sid:84345448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.8.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482331/; classtype:trojan-activity;sid:84345431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482332)"; flow:established,from_client; content:"GET"; http_method; content:"/lkwmp10/simple-tube/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482332/; classtype:trojan-activity;sid:84345432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482328)"; flow:established,from_client; content:"GET"; http_method; content:"/sstejak/youtube_playlist_downloader/releases/download/v1.6.6/youtube_playlist_downloader_v1.6.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482328/; classtype:trojan-activity;sid:84345428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482329)"; flow:established,from_client; content:"GET"; http_method; content:"/thetechie1001/wave-executor/releases/download/3.0.3/wave.executor.3.0.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482329/; classtype:trojan-activity;sid:84345429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482330)"; flow:established,from_client; content:"GET"; http_method; content:"/namexer4all/evon-executor/releases/download/v1.0.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482330/; classtype:trojan-activity;sid:84345430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482326)"; flow:established,from_client; content:"GET"; http_method; content:"/harichandran8/tuneskit_spotify_music_converter_crack/releases/download/cubocalcaneal/blindspotrift.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482326/; classtype:trojan-activity;sid:84345426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482327)"; flow:established,from_client; content:"GET"; http_method; content:"/aymarxss/roblox-fisch-script/releases/download/v2.6.2/roblox.fisch.script.v2.6.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482327/; classtype:trojan-activity;sid:84345427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.112.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482325/; classtype:trojan-activity;sid:84345425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482324/; classtype:trojan-activity;sid:84345424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.42.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482323/; classtype:trojan-activity;sid:84345423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.144.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482322/; classtype:trojan-activity;sid:84345422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482321)"; flow:established,from_client; content:"GET"; http_method; content:"/files/demarc_ljpr/susi.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482321/; classtype:trojan-activity;sid:84345421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482320)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5961868629/dw2a04h.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482320/; classtype:trojan-activity;sid:84345420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482314)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lummac2%20lab%2011.03.2025%2016_02_46%20(1).zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482314/; classtype:trojan-activity;sid:84345414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482315)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5780230317/kx7tdcm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482315/; classtype:trojan-activity;sid:84345415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482316)"; flow:established,from_client; content:"GET"; http_method; content:"/files/tinderceo/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482316/; classtype:trojan-activity;sid:84345416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482317)"; flow:established,from_client; content:"GET"; http_method; content:"/files/cookiesmanagers/random.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482317/; classtype:trojan-activity;sid:84345417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482318)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7684569444/nwpnjnx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482318/; classtype:trojan-activity;sid:84345418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482319)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7540413113/4fdcaly.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482319/; classtype:trojan-activity;sid:84345419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482313)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5169948862/q0zyulw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.113.115.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482313/; classtype:trojan-activity;sid:84345413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482312)"; flow:established,from_client; content:"GET"; http_method; content:"/4gr444sygb.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.overhangchump.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482312/; classtype:trojan-activity;sid:84345412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482311/; classtype:trojan-activity;sid:84345411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.10.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482310/; classtype:trojan-activity;sid:84345410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.112.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482309/; classtype:trojan-activity;sid:84345409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.98.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482308/; classtype:trojan-activity;sid:84345408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.92.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482306/; classtype:trojan-activity;sid:84345406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.85.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482307/; classtype:trojan-activity;sid:84345407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482305/; classtype:trojan-activity;sid:84345405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.3.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482304/; classtype:trojan-activity;sid:84345404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.159.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482303/; classtype:trojan-activity;sid:84345403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.75.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482302/; classtype:trojan-activity;sid:84345402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.19.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482301/; classtype:trojan-activity;sid:84345401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.231.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482300/; classtype:trojan-activity;sid:84345400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.126.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482299/; classtype:trojan-activity;sid:84345399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.99.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482298/; classtype:trojan-activity;sid:84345398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.245.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482297/; classtype:trojan-activity;sid:84345397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.86.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482296/; classtype:trojan-activity;sid:84345396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.92.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482294/; classtype:trojan-activity;sid:84345394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482295/; classtype:trojan-activity;sid:84345395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.98.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482293/; classtype:trojan-activity;sid:84345393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.99.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482292/; classtype:trojan-activity;sid:84345392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482289/; classtype:trojan-activity;sid:84345389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.168.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482290/; classtype:trojan-activity;sid:84345390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.8.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482291/; classtype:trojan-activity;sid:84345391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482288)"; flow:established,from_client; content:"GET"; http_method; content:"/df/tmmerforraadet.lzh"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tecnov.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482288/; classtype:trojan-activity;sid:84345388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482285)"; flow:established,from_client; content:"GET"; http_method; content:"/df/quhzuoaadin155.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"tecnov.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482285/; classtype:trojan-activity;sid:84345385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.235.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482286/; classtype:trojan-activity;sid:84345386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.79.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482287/; classtype:trojan-activity;sid:84345387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.73.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482284/; classtype:trojan-activity;sid:84345384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482281/; classtype:trojan-activity;sid:84345381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482282/; classtype:trojan-activity;sid:84345382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.84.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482283/; classtype:trojan-activity;sid:84345383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.153.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482280/; classtype:trojan-activity;sid:84345380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.25.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482278/; classtype:trojan-activity;sid:84345378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.159.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482279/; classtype:trojan-activity;sid:84345379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482277/; classtype:trojan-activity;sid:84345377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.206.75.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482275/; classtype:trojan-activity;sid:84345375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.53.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482276/; classtype:trojan-activity;sid:84345376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.19.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482274/; classtype:trojan-activity;sid:84345374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.85.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482273/; classtype:trojan-activity;sid:84345373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.255.192.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482272/; classtype:trojan-activity;sid:84345372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482271)"; flow:established,from_client; content:"GET"; http_method; content:"/460bz077mn.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482271/; classtype:trojan-activity;sid:84345371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.187.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482270/; classtype:trojan-activity;sid:84345370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.40.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482269/; classtype:trojan-activity;sid:84345369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.99.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482268/; classtype:trojan-activity;sid:84345368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482267)"; flow:established,from_client; content:"GET"; http_method; content:"/download/fnafsetup.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fnafar.netlify.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482267/; classtype:trojan-activity;sid:84345367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482265)"; flow:established,from_client; content:"GET"; http_method; content:"/download/game.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fnafar.netlify.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482265/; classtype:trojan-activity;sid:84345365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.245.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482266/; classtype:trojan-activity;sid:84345366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.234.159.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482264/; classtype:trojan-activity;sid:84345364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.234.159.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482263/; classtype:trojan-activity;sid:84345363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482261/; classtype:trojan-activity;sid:84345361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482260/; classtype:trojan-activity;sid:84345360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482259)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/xundfaxgnsp84.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.luuk-lifestyle.eu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482259/; classtype:trojan-activity;sid:84345359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.232.77.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482258/; classtype:trojan-activity;sid:84345358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482256)"; flow:established,from_client; content:"GET"; http_method; content:"/cristian%20rus%20documente%20elvetia.pdf.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"196.251.80.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482256/; classtype:trojan-activity;sid:84345356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482255)"; flow:established,from_client; content:"GET"; http_method; content:"/js2.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.80.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482255/; classtype:trojan-activity;sid:84345355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482252)"; flow:established,from_client; content:"GET"; http_method; content:"/open%20-%20bonida%20unterlagen%20schweiz.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"196.251.80.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482252/; classtype:trojan-activity;sid:84345352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482253)"; flow:established,from_client; content:"GET"; http_method; content:"/js3.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.80.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482253/; classtype:trojan-activity;sid:84345353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482254)"; flow:established,from_client; content:"GET"; http_method; content:"/a.cmd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.80.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482254/; classtype:trojan-activity;sid:84345354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.24.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482251/; classtype:trojan-activity;sid:84345351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.255.192.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482250/; classtype:trojan-activity;sid:84345350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.200.107.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482249/; classtype:trojan-activity;sid:84345349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.210.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482248/; classtype:trojan-activity;sid:84345348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.22.242.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482247/; classtype:trojan-activity;sid:84345347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.66.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482246/; classtype:trojan-activity;sid:84345346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.60.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482245/; classtype:trojan-activity;sid:84345345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.190.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482244/; classtype:trojan-activity;sid:84345344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.200.107.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482243/; classtype:trojan-activity;sid:84345343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482242/; classtype:trojan-activity;sid:84345342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.87.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482241/; classtype:trojan-activity;sid:84345341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.24.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482239/; classtype:trojan-activity;sid:84345339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482240/; classtype:trojan-activity;sid:84345340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482238/; classtype:trojan-activity;sid:84345338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482237/; classtype:trojan-activity;sid:84345337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.210.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482236/; classtype:trojan-activity;sid:84345336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.25.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482235/; classtype:trojan-activity;sid:84345335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.239.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482234/; classtype:trojan-activity;sid:84345334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.226.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482233/; classtype:trojan-activity;sid:84345333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482232)"; flow:established,from_client; content:"GET"; http_method; content:"/oglbiz7lvp.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482232/; classtype:trojan-activity;sid:84345332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.190.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482231/; classtype:trojan-activity;sid:84345331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.242.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482230/; classtype:trojan-activity;sid:84345330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.0.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482229/; classtype:trojan-activity;sid:84345329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482228/; classtype:trojan-activity;sid:84345328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.77.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482227/; classtype:trojan-activity;sid:84345327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482226/; classtype:trojan-activity;sid:84345326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.113.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482224/; classtype:trojan-activity;sid:84345324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.155.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482225/; classtype:trojan-activity;sid:84345325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.134.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482223/; classtype:trojan-activity;sid:84345323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.0.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482222/; classtype:trojan-activity;sid:84345322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.166.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482221/; classtype:trojan-activity;sid:84345321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482220/; classtype:trojan-activity;sid:84345320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.151.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482219/; classtype:trojan-activity;sid:84345319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482216)"; flow:established,from_client; content:"GET"; http_method; content:"/novascoders/noston/blob/main/noston.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482216/; classtype:trojan-activity;sid:84345316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482217)"; flow:established,from_client; content:"GET"; http_method; content:"/novascoders/scs/blob/main/screenconnect.clientsetup%20(7).exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482217/; classtype:trojan-activity;sid:84345317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482218)"; flow:established,from_client; content:"GET"; http_method; content:"/novascoders/nortn/blob/main/bedroom.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482218/; classtype:trojan-activity;sid:84345318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.151.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482215/; classtype:trojan-activity;sid:84345315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.66.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482214/; classtype:trojan-activity;sid:84345314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.247.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482212/; classtype:trojan-activity;sid:84345312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.42.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482213/; classtype:trojan-activity;sid:84345313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482211)"; flow:established,from_client; content:"GET"; http_method; content:"/novascoders/orders231/blob/main/bedroom.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482211/; classtype:trojan-activity;sid:84345311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.174.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482210/; classtype:trojan-activity;sid:84345310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482209/; classtype:trojan-activity;sid:84345309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482206/; classtype:trojan-activity;sid:84345306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.226.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482207/; classtype:trojan-activity;sid:84345307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.155.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482208/; classtype:trojan-activity;sid:84345308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482205/; classtype:trojan-activity;sid:84345305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.75.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482204/; classtype:trojan-activity;sid:84345304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.77.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482203/; classtype:trojan-activity;sid:84345303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482202/; classtype:trojan-activity;sid:84345302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.134.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482201/; classtype:trojan-activity;sid:84345301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.166.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482200/; classtype:trojan-activity;sid:84345300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.29.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482199/; classtype:trojan-activity;sid:84345299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.204.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482198/; classtype:trojan-activity;sid:84345298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.66.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482197/; classtype:trojan-activity;sid:84345297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.1.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482196/; classtype:trojan-activity;sid:84345296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482195/; classtype:trojan-activity;sid:84345295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.247.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482194/; classtype:trojan-activity;sid:84345294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.239.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482193/; classtype:trojan-activity;sid:84345293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.33.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482192/; classtype:trojan-activity;sid:84345292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482191/; classtype:trojan-activity;sid:84345291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.12.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482190/; classtype:trojan-activity;sid:84345290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482189)"; flow:established,from_client; content:"GET"; http_method; content:"/ropao77v6v.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482189/; classtype:trojan-activity;sid:84345289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482188/; classtype:trojan-activity;sid:84345288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.128.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482187/; classtype:trojan-activity;sid:84345287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.1.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482186/; classtype:trojan-activity;sid:84345286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.175.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482185/; classtype:trojan-activity;sid:84345285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.144.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482184/; classtype:trojan-activity;sid:84345284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.18.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482183/; classtype:trojan-activity;sid:84345283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.204.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482181/; classtype:trojan-activity;sid:84345281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.25.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482182/; classtype:trojan-activity;sid:84345282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482180/; classtype:trojan-activity;sid:84345280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.29.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482179/; classtype:trojan-activity;sid:84345279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.170.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482178/; classtype:trojan-activity;sid:84345278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.119.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482177/; classtype:trojan-activity;sid:84345277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.7.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482176/; classtype:trojan-activity;sid:84345276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482175/; classtype:trojan-activity;sid:84345275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.76.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482174/; classtype:trojan-activity;sid:84345274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.25.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482173/; classtype:trojan-activity;sid:84345273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.144.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482172/; classtype:trojan-activity;sid:84345272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482171/; classtype:trojan-activity;sid:84345271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.128.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482170/; classtype:trojan-activity;sid:84345270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.89.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482169/; classtype:trojan-activity;sid:84345269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.12.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482168/; classtype:trojan-activity;sid:84345268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.2.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482167/; classtype:trojan-activity;sid:84345267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.78.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482166/; classtype:trojan-activity;sid:84345266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.33.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482165/; classtype:trojan-activity;sid:84345265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.231.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482164/; classtype:trojan-activity;sid:84345264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482163/; classtype:trojan-activity;sid:84345263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.17.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482162/; classtype:trojan-activity;sid:84345262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.130.55.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482161/; classtype:trojan-activity;sid:84345261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.40.64.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482160/; classtype:trojan-activity;sid:84345260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482158/; classtype:trojan-activity;sid:84345258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482159/; classtype:trojan-activity;sid:84345259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.89.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482157/; classtype:trojan-activity;sid:84345257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.77.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482156/; classtype:trojan-activity;sid:84345256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.114.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482155/; classtype:trojan-activity;sid:84345255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482154/; classtype:trojan-activity;sid:84345254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.167.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482153/; classtype:trojan-activity;sid:84345253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482152/; classtype:trojan-activity;sid:84345252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482151/; classtype:trojan-activity;sid:84345251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482148/; classtype:trojan-activity;sid:84345248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.249.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482149/; classtype:trojan-activity;sid:84345249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.48.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482150/; classtype:trojan-activity;sid:84345250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482144/; classtype:trojan-activity;sid:84345244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.36.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482145/; classtype:trojan-activity;sid:84345245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.150.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482146/; classtype:trojan-activity;sid:84345246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482147/; classtype:trojan-activity;sid:84345247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.214.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482143/; classtype:trojan-activity;sid:84345243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.83.16.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482142/; classtype:trojan-activity;sid:84345242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.170.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482140/; classtype:trojan-activity;sid:84345240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.2.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482141/; classtype:trojan-activity;sid:84345241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.80.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482139/; classtype:trojan-activity;sid:84345239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482136/; classtype:trojan-activity;sid:84345236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482137/; classtype:trojan-activity;sid:84345237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482138/; classtype:trojan-activity;sid:84345238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.233.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482135/; classtype:trojan-activity;sid:84345235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.175.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482134/; classtype:trojan-activity;sid:84345234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482133)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.apoa3.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482133/; classtype:trojan-activity;sid:84345233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482132)"; flow:established,from_client; content:"GET"; http_method; content:"/y6i2uk4wye.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482132/; classtype:trojan-activity;sid:84345232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482131/; classtype:trojan-activity;sid:84345231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482130/; classtype:trojan-activity;sid:84345230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482129)"; flow:established,from_client; content:"GET"; http_method; content:"/homebrew/install/head/update"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"homebrew-storage.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482129/; classtype:trojan-activity;sid:84345229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482128)"; flow:established,from_client; content:"GET"; http_method; content:"/otherassets/ledger.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.147.124.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482128/; classtype:trojan-activity;sid:84345228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.130.55.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482127/; classtype:trojan-activity;sid:84345227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482126/; classtype:trojan-activity;sid:84345226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482124/; classtype:trojan-activity;sid:84345224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.247.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482125/; classtype:trojan-activity;sid:84345225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.113.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482121/; classtype:trojan-activity;sid:84345221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.116.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482122/; classtype:trojan-activity;sid:84345222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482123/; classtype:trojan-activity;sid:84345223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.161.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482120/; classtype:trojan-activity;sid:84345220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.91.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482119/; classtype:trojan-activity;sid:84345219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.97.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482118/; classtype:trojan-activity;sid:84345218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.77.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482117/; classtype:trojan-activity;sid:84345217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.167.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482116/; classtype:trojan-activity;sid:84345216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482115/; classtype:trojan-activity;sid:84345215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.231.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482114/; classtype:trojan-activity;sid:84345214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.78.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482113/; classtype:trojan-activity;sid:84345213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.246.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482112/; classtype:trojan-activity;sid:84345212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.98.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482111/; classtype:trojan-activity;sid:84345211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.121.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482109/; classtype:trojan-activity;sid:84345209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.85.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482110/; classtype:trojan-activity;sid:84345210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482108/; classtype:trojan-activity;sid:84345208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.116.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482107/; classtype:trojan-activity;sid:84345207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482106)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"vanartest.website"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482106/; classtype:trojan-activity;sid:84345206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482105)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"carvecomi.fun"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482105/; classtype:trojan-activity;sid:84345205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482102)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sharegolem.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482102/; classtype:trojan-activity;sid:84345202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482103)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"metalomni.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482103/; classtype:trojan-activity;sid:84345203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482104)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"147.45.44.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482104/; classtype:trojan-activity;sid:84345204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482101)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"requestbone.fun"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482101/; classtype:trojan-activity;sid:84345201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482099)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nymclassic.tech"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482099/; classtype:trojan-activity;sid:84345199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482100)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"alturastreet.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482100/; classtype:trojan-activity;sid:84345200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482096)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.100.157.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482096/; classtype:trojan-activity;sid:84345196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482097)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"steemapi.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482097/; classtype:trojan-activity;sid:84345197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482098)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/f0eee999"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"numerlink.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482098/; classtype:trojan-activity;sid:84345198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482092)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sharegolem.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482092/; classtype:trojan-activity;sid:84345192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482093)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"vanartest.website"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482093/; classtype:trojan-activity;sid:84345193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482094)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"metalomni.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482094/; classtype:trojan-activity;sid:84345194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482095)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"carvecomi.fun"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482095/; classtype:trojan-activity;sid:84345195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482089)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nymclassic.tech"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482089/; classtype:trojan-activity;sid:84345189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482090)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"requestbone.fun"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482090/; classtype:trojan-activity;sid:84345190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.151.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482091/; classtype:trojan-activity;sid:84345191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482086)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"steemapi.site"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482086/; classtype:trojan-activity;sid:84345186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482087)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/a31546bf"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"numerlink.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482087/; classtype:trojan-activity;sid:84345187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482088)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/de373d0df/ccd7b46d"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"147.45.44.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482088/; classtype:trojan-activity;sid:84345188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.167.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482085/; classtype:trojan-activity;sid:84345185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.122.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482084/; classtype:trojan-activity;sid:84345184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482083/; classtype:trojan-activity;sid:84345183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.66.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482082/; classtype:trojan-activity;sid:84345182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.150.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482081/; classtype:trojan-activity;sid:84345181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482080)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.142.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482080/; classtype:trojan-activity;sid:84345180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.135.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482079/; classtype:trojan-activity;sid:84345179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482078)"; flow:established,from_client; content:"GET"; http_method; content:"/01oodxp6wx.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482078/; classtype:trojan-activity;sid:84345178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482077/; classtype:trojan-activity;sid:84345177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.85.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482076/; classtype:trojan-activity;sid:84345176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.247.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482075/; classtype:trojan-activity;sid:84345175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.105.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482074/; classtype:trojan-activity;sid:84345174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.161.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482073/; classtype:trojan-activity;sid:84345173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.121.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482072/; classtype:trojan-activity;sid:84345172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.27.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482071/; classtype:trojan-activity;sid:84345171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.66.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482070/; classtype:trojan-activity;sid:84345170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.120.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482069/; classtype:trojan-activity;sid:84345169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.105.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482068/; classtype:trojan-activity;sid:84345168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.87.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482067/; classtype:trojan-activity;sid:84345167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.151.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482066/; classtype:trojan-activity;sid:84345166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.44.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482065/; classtype:trojan-activity;sid:84345165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.143.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482064/; classtype:trojan-activity;sid:84345164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.236.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482063/; classtype:trojan-activity;sid:84345163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.119.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482062/; classtype:trojan-activity;sid:84345162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482061)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=sljurzjsslqcmdtxdolcw013.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zetolacs-cloud.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482061/; classtype:trojan-activity;sid:84345161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.14.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482060/; classtype:trojan-activity;sid:84345160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.27.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482059/; classtype:trojan-activity;sid:84345159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.97.49"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482058/; classtype:trojan-activity;sid:84345158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.39.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482057/; classtype:trojan-activity;sid:84345157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.92.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482056/; classtype:trojan-activity;sid:84345156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.87.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482055/; classtype:trojan-activity;sid:84345155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482054)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/lbnuoc.dat"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"195.177.94.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482054/; classtype:trojan-activity;sid:84345154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482053)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/pjefvakyqr.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"195.177.94.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482053/; classtype:trojan-activity;sid:84345153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482052)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/twqzmjg.mp4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.177.94.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482052/; classtype:trojan-activity;sid:84345152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482050)"; flow:established,from_client; content:"GET"; http_method; content:"/sm/gate.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.177.94.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482050/; classtype:trojan-activity;sid:84345150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482051)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/irfyhgapefh.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"195.177.94.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482051/; classtype:trojan-activity;sid:84345151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482049/; classtype:trojan-activity;sid:84345149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.44.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482048/; classtype:trojan-activity;sid:84345148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.120.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482047/; classtype:trojan-activity;sid:84345147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.92.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482046/; classtype:trojan-activity;sid:84345146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482044/; classtype:trojan-activity;sid:84345144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.92.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482045/; classtype:trojan-activity;sid:84345145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482043)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.159.113.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482043/; classtype:trojan-activity;sid:84345143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482038)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482038/; classtype:trojan-activity;sid:84345138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482039)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482039/; classtype:trojan-activity;sid:84345139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482040)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482040/; classtype:trojan-activity;sid:84345140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482041)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482041/; classtype:trojan-activity;sid:84345141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482042)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482042/; classtype:trojan-activity;sid:84345142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482037)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482037/; classtype:trojan-activity;sid:84345137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482035)"; flow:established,from_client; content:"GET"; http_method; content:"/9002e03ce63668a7/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.93.20.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482035/; classtype:trojan-activity;sid:84345135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482036)"; flow:established,from_client; content:"GET"; http_method; content:"/x.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.159.113.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482036/; classtype:trojan-activity;sid:84345136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.236.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482033/; classtype:trojan-activity;sid:84345133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.29.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482034/; classtype:trojan-activity;sid:84345134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482032)"; flow:established,from_client; content:"GET"; http_method; content:"/40lqqlqaz7.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482032/; classtype:trojan-activity;sid:84345132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.9.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482031/; classtype:trojan-activity;sid:84345131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482030/; classtype:trojan-activity;sid:84345130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482029)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"guestidreviews.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482029/; classtype:trojan-activity;sid:84345129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482028)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"guestidreviews.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482028/; classtype:trojan-activity;sid:84345128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482027)"; flow:established,from_client; content:"GET"; http_method; content:"/l7jwabt71ry0gu4z.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kernel-alt-v3.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482027/; classtype:trojan-activity;sid:84345127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482025/; classtype:trojan-activity;sid:84345125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.97.49"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482026/; classtype:trojan-activity;sid:84345126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482024/; classtype:trojan-activity;sid:84345124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482023/; classtype:trojan-activity;sid:84345123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482022)"; flow:established,from_client; content:"GET"; http_method; content:"/bik/hyftnzplbqcexvan86.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"risontransportes.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482022/; classtype:trojan-activity;sid:84345122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482021)"; flow:established,from_client; content:"GET"; http_method; content:"/166/wsse.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.46.132.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482021/; classtype:trojan-activity;sid:84345121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.66.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482020/; classtype:trojan-activity;sid:84345120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.180.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482018/; classtype:trojan-activity;sid:84345118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.229.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482019/; classtype:trojan-activity;sid:84345119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.54.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482017/; classtype:trojan-activity;sid:84345117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482016/; classtype:trojan-activity;sid:84345116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482015/; classtype:trojan-activity;sid:84345115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482014/; classtype:trojan-activity;sid:84345114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.181.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482013/; classtype:trojan-activity;sid:84345113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482012/; classtype:trojan-activity;sid:84345112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482011/; classtype:trojan-activity;sid:84345111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.221.44.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482010/; classtype:trojan-activity;sid:84345110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482009)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.aguu5.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482009/; classtype:trojan-activity;sid:84345109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.40.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482008/; classtype:trojan-activity;sid:84345108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482007/; classtype:trojan-activity;sid:84345107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.27.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482006/; classtype:trojan-activity;sid:84345106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482005/; classtype:trojan-activity;sid:84345105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.205.253.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482004/; classtype:trojan-activity;sid:84345104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.60.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482003/; classtype:trojan-activity;sid:84345103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.168.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482002/; classtype:trojan-activity;sid:84345102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.205.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482001/; classtype:trojan-activity;sid:84345101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.142.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482000/; classtype:trojan-activity;sid:84345100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.162.115.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481999/; classtype:trojan-activity;sid:84345099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.155.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481998/; classtype:trojan-activity;sid:84345098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.75.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481997/; classtype:trojan-activity;sid:84345097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.20.91.26"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481994/; classtype:trojan-activity;sid:84345094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481995/; classtype:trojan-activity;sid:84345095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481996/; classtype:trojan-activity;sid:84345096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481993/; classtype:trojan-activity;sid:84345093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.40.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481992/; classtype:trojan-activity;sid:84345092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481991/; classtype:trojan-activity;sid:84345091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481990/; classtype:trojan-activity;sid:84345090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481989/; classtype:trojan-activity;sid:84345089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481988/; classtype:trojan-activity;sid:84345088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481985/; classtype:trojan-activity;sid:84345085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.27.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481986/; classtype:trojan-activity;sid:84345086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481987/; classtype:trojan-activity;sid:84345087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.59.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481983/; classtype:trojan-activity;sid:84345083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.48.66.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481984/; classtype:trojan-activity;sid:84345084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481981/; classtype:trojan-activity;sid:84345081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.123.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481982/; classtype:trojan-activity;sid:84345082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.140.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481980/; classtype:trojan-activity;sid:84345080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.205.253.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481979/; classtype:trojan-activity;sid:84345079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.168.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481978/; classtype:trojan-activity;sid:84345078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.205.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481977/; classtype:trojan-activity;sid:84345077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481976)"; flow:established,from_client; content:"GET"; http_method; content:"/7eczv1dl8w.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481976/; classtype:trojan-activity;sid:84345076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.33.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481975/; classtype:trojan-activity;sid:84345075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.154.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481974/; classtype:trojan-activity;sid:84345074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.126.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481973/; classtype:trojan-activity;sid:84345073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.162.115.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481972/; classtype:trojan-activity;sid:84345072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481971/; classtype:trojan-activity;sid:84345071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.72.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481970/; classtype:trojan-activity;sid:84345070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481969/; classtype:trojan-activity;sid:84345069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.180.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481968/; classtype:trojan-activity;sid:84345068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.75.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481967/; classtype:trojan-activity;sid:84345067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.116.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481966/; classtype:trojan-activity;sid:84345066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481965/; classtype:trojan-activity;sid:84345065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.170.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481964/; classtype:trojan-activity;sid:84345064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.87.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481963/; classtype:trojan-activity;sid:84345063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.231.150.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481962/; classtype:trojan-activity;sid:84345062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481961)"; flow:established,from_client; content:"GET"; http_method; content:"/cverify.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"twitch.ist"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481961/; classtype:trojan-activity;sid:84345061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481960)"; flow:established,from_client; content:"GET"; http_method; content:"/apple.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cloudhost.bond"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481960/; classtype:trojan-activity;sid:84345060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481958)"; flow:established,from_client; content:"GET"; http_method; content:"/cricket.bat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"twltter.io"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481958/; classtype:trojan-activity;sid:84345058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481959)"; flow:established,from_client; content:"GET"; http_method; content:"/a/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"betblox.casino"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481959/; classtype:trojan-activity;sid:84345059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481957)"; flow:established,from_client; content:"GET"; http_method; content:"/trf/graviola.bmp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"24.152.38.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481957/; classtype:trojan-activity;sid:84345057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481955)"; flow:established,from_client; content:"GET"; http_method; content:"/ct7ybve7f387/tests/refs/heads/main/testt.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481955/; classtype:trojan-activity;sid:84345055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.154.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481954/; classtype:trojan-activity;sid:84345054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.168.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481953/; classtype:trojan-activity;sid:84345053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.180.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481952/; classtype:trojan-activity;sid:84345052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.208.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481951/; classtype:trojan-activity;sid:84345051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.182.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481950/; classtype:trojan-activity;sid:84345050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.75.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481949/; classtype:trojan-activity;sid:84345049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.116.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481948/; classtype:trojan-activity;sid:84345048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.119.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481946/; classtype:trojan-activity;sid:84345046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.192.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481947/; classtype:trojan-activity;sid:84345047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.93.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481944/; classtype:trojan-activity;sid:84345044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.126.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481945/; classtype:trojan-activity;sid:84345045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.56.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481943/; classtype:trojan-activity;sid:84345043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.120.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481941/; classtype:trojan-activity;sid:84345041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.79.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481942/; classtype:trojan-activity;sid:84345042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.132.95.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481940/; classtype:trojan-activity;sid:84345040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.50.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481939/; classtype:trojan-activity;sid:84345039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.56.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481937/; classtype:trojan-activity;sid:84345037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481938/; classtype:trojan-activity;sid:84345038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481936)"; flow:established,from_client; content:"GET"; http_method; content:"/t47jeeuts8.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481936/; classtype:trojan-activity;sid:84345036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.119.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481935/; classtype:trojan-activity;sid:84345035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481934/; classtype:trojan-activity;sid:84345034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.203.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481933/; classtype:trojan-activity;sid:84345033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.51.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481932/; classtype:trojan-activity;sid:84345032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.15.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481931/; classtype:trojan-activity;sid:84345031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.24.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481930/; classtype:trojan-activity;sid:84345030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.192.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481929/; classtype:trojan-activity;sid:84345029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.93.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481928/; classtype:trojan-activity;sid:84345028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.79.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481927/; classtype:trojan-activity;sid:84345027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.63.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481926/; classtype:trojan-activity;sid:84345026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.15.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481925/; classtype:trojan-activity;sid:84345025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.50.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481924/; classtype:trojan-activity;sid:84345024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.120.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481923/; classtype:trojan-activity;sid:84345023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.38.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481922/; classtype:trojan-activity;sid:84345022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.203.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481921/; classtype:trojan-activity;sid:84345021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481920/; classtype:trojan-activity;sid:84345020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481919/; classtype:trojan-activity;sid:84345019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481918/; classtype:trojan-activity;sid:84345018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481917/; classtype:trojan-activity;sid:84345017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.21.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481916/; classtype:trojan-activity;sid:84345016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.38.203.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481915/; classtype:trojan-activity;sid:84345015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.147.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481914/; classtype:trojan-activity;sid:84345014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481913/; classtype:trojan-activity;sid:84345013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481912/; classtype:trojan-activity;sid:84345012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481911/; classtype:trojan-activity;sid:84345011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.130.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481910/; classtype:trojan-activity;sid:84345010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.150.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481909/; classtype:trojan-activity;sid:84345009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481908/; classtype:trojan-activity;sid:84345008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.106.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481907/; classtype:trojan-activity;sid:84345007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.13.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481906/; classtype:trojan-activity;sid:84345006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.32.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481904/; classtype:trojan-activity;sid:84345004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.31.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481905/; classtype:trojan-activity;sid:84345005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.51.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481903/; classtype:trojan-activity;sid:84345003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.251.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481902/; classtype:trojan-activity;sid:84345002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481901/; classtype:trojan-activity;sid:84345001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.6.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481900/; classtype:trojan-activity;sid:84345000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481899)"; flow:established,from_client; content:"GET"; http_method; content:"/p9gbap91ux.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481899/; classtype:trojan-activity;sid:84344999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.218.233.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481898/; classtype:trojan-activity;sid:84344998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.21.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481897/; classtype:trojan-activity;sid:84344997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481896/; classtype:trojan-activity;sid:84344996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.230.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481895/; classtype:trojan-activity;sid:84344995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.62.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481894/; classtype:trojan-activity;sid:84344994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481893/; classtype:trojan-activity;sid:84344993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481892/; classtype:trojan-activity;sid:84344992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.147.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481891/; classtype:trojan-activity;sid:84344991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.63.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481890/; classtype:trojan-activity;sid:84344990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.164.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481889/; classtype:trojan-activity;sid:84344989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.32.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481888/; classtype:trojan-activity;sid:84344988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481887/; classtype:trojan-activity;sid:84344987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481885/; classtype:trojan-activity;sid:84344985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.90.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481886/; classtype:trojan-activity;sid:84344986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.219.241.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481884/; classtype:trojan-activity;sid:84344984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.82.121.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481883/; classtype:trojan-activity;sid:84344983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.130.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481882/; classtype:trojan-activity;sid:84344982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.106.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481881/; classtype:trojan-activity;sid:84344981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.140.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481880/; classtype:trojan-activity;sid:84344980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.31.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481879/; classtype:trojan-activity;sid:84344979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.234.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481878/; classtype:trojan-activity;sid:84344978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.70.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481877/; classtype:trojan-activity;sid:84344977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.6.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481876/; classtype:trojan-activity;sid:84344976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.15.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481875/; classtype:trojan-activity;sid:84344975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.251.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481874/; classtype:trojan-activity;sid:84344974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.29.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481873/; classtype:trojan-activity;sid:84344973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.85.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481872/; classtype:trojan-activity;sid:84344972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481871/; classtype:trojan-activity;sid:84344971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.24.218"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481870/; classtype:trojan-activity;sid:84344970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.98.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481869/; classtype:trojan-activity;sid:84344969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.13.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481868/; classtype:trojan-activity;sid:84344968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481867/; classtype:trojan-activity;sid:84344967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.29.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481866/; classtype:trojan-activity;sid:84344966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.70.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481865/; classtype:trojan-activity;sid:84344965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.130.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481864/; classtype:trojan-activity;sid:84344964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.164.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481863/; classtype:trojan-activity;sid:84344963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.219.241.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481862/; classtype:trojan-activity;sid:84344962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.66.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481861/; classtype:trojan-activity;sid:84344961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.90.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481860/; classtype:trojan-activity;sid:84344960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481859/; classtype:trojan-activity;sid:84344959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481858/; classtype:trojan-activity;sid:84344958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.234.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481857/; classtype:trojan-activity;sid:84344957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481856/; classtype:trojan-activity;sid:84344956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.140.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481855/; classtype:trojan-activity;sid:84344955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.21.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481854/; classtype:trojan-activity;sid:84344954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.34.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481853/; classtype:trojan-activity;sid:84344953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.38.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481852/; classtype:trojan-activity;sid:84344952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.120.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481851/; classtype:trojan-activity;sid:84344951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.15.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481850/; classtype:trojan-activity;sid:84344950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481849/; classtype:trojan-activity;sid:84344949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481848/; classtype:trojan-activity;sid:84344948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.5.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481847/; classtype:trojan-activity;sid:84344947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.156.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481846/; classtype:trojan-activity;sid:84344946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481845)"; flow:established,from_client; content:"GET"; http_method; content:"/2eexnbqa8s.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481845/; classtype:trojan-activity;sid:84344945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.90.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481844/; classtype:trojan-activity;sid:84344944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.183.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481843/; classtype:trojan-activity;sid:84344943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481842/; classtype:trojan-activity;sid:84344942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481840/; classtype:trojan-activity;sid:84344940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.21.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481841/; classtype:trojan-activity;sid:84344941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.196.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481839/; classtype:trojan-activity;sid:84344939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481838/; classtype:trojan-activity;sid:84344938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.14.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481837/; classtype:trojan-activity;sid:84344937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.85.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481836/; classtype:trojan-activity;sid:84344936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.173.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481835/; classtype:trojan-activity;sid:84344935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.164.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481834/; classtype:trojan-activity;sid:84344934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.156.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481833/; classtype:trojan-activity;sid:84344933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481832/; classtype:trojan-activity;sid:84344932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.66.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481831/; classtype:trojan-activity;sid:84344931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.153.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481830/; classtype:trojan-activity;sid:84344930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.5.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481829/; classtype:trojan-activity;sid:84344929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.204.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481828/; classtype:trojan-activity;sid:84344928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.181.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481827/; classtype:trojan-activity;sid:84344927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481826/; classtype:trojan-activity;sid:84344926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.35.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481825/; classtype:trojan-activity;sid:84344925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.200.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481824/; classtype:trojan-activity;sid:84344924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.39.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481823/; classtype:trojan-activity;sid:84344923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481822/; classtype:trojan-activity;sid:84344922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481821/; classtype:trojan-activity;sid:84344921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.4.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481820/; classtype:trojan-activity;sid:84344920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481819/; classtype:trojan-activity;sid:84344919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.14.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481818/; classtype:trojan-activity;sid:84344918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.153.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481817/; classtype:trojan-activity;sid:84344917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481816/; classtype:trojan-activity;sid:84344916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.164.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481815/; classtype:trojan-activity;sid:84344915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.180.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481813/; classtype:trojan-activity;sid:84344913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.14.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481814/; classtype:trojan-activity;sid:84344914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.234.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481812/; classtype:trojan-activity;sid:84344912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.173.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481811/; classtype:trojan-activity;sid:84344911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.25.228.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481810/; classtype:trojan-activity;sid:84344910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481809/; classtype:trojan-activity;sid:84344909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.8.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481808/; classtype:trojan-activity;sid:84344908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.200.220.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481807/; classtype:trojan-activity;sid:84344907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.78.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481806/; classtype:trojan-activity;sid:84344906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.35.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481805/; classtype:trojan-activity;sid:84344905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481804)"; flow:established,from_client; content:"GET"; http_method; content:"/tqevevk1rn.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481804/; classtype:trojan-activity;sid:84344904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.29.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481803/; classtype:trojan-activity;sid:84344903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.22.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481802/; classtype:trojan-activity;sid:84344902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.234.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481801/; classtype:trojan-activity;sid:84344901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.50.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481800/; classtype:trojan-activity;sid:84344900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.151.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481799/; classtype:trojan-activity;sid:84344899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.242.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481798/; classtype:trojan-activity;sid:84344898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.178.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481797/; classtype:trojan-activity;sid:84344897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.78.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481796/; classtype:trojan-activity;sid:84344896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481795/; classtype:trojan-activity;sid:84344895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481794)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.etau0.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481794/; classtype:trojan-activity;sid:84344894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.161.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481793/; classtype:trojan-activity;sid:84344893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.250.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481792/; classtype:trojan-activity;sid:84344892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.250.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481791/; classtype:trojan-activity;sid:84344891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.234.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481790/; classtype:trojan-activity;sid:84344890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481788)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.134.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481788/; classtype:trojan-activity;sid:84344888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.217.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481789/; classtype:trojan-activity;sid:84344889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.94.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481787/; classtype:trojan-activity;sid:84344887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.29.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481786/; classtype:trojan-activity;sid:84344886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.127.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481784/; classtype:trojan-activity;sid:84344884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.49.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481785/; classtype:trojan-activity;sid:84344885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.133.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481783/; classtype:trojan-activity;sid:84344883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.150.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481782/; classtype:trojan-activity;sid:84344882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.111.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481781/; classtype:trojan-activity;sid:84344881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.234.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481780/; classtype:trojan-activity;sid:84344880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.216.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481779/; classtype:trojan-activity;sid:84344879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481778)"; flow:established,from_client; content:"GET"; http_method; content:"/wva46jjwhr.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481778/; classtype:trojan-activity;sid:84344878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.161.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481777/; classtype:trojan-activity;sid:84344877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.155.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481776/; classtype:trojan-activity;sid:84344876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481775/; classtype:trojan-activity;sid:84344875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481774/; classtype:trojan-activity;sid:84344874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.64.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481773/; classtype:trojan-activity;sid:84344873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.216.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481772/; classtype:trojan-activity;sid:84344872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.11.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481771/; classtype:trojan-activity;sid:84344871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.146.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481770/; classtype:trojan-activity;sid:84344870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.16.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481769/; classtype:trojan-activity;sid:84344869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481768/; classtype:trojan-activity;sid:84344868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.146.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481766/; classtype:trojan-activity;sid:84344866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.182.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481767/; classtype:trojan-activity;sid:84344867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481765/; classtype:trojan-activity;sid:84344865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.237.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481764/; classtype:trojan-activity;sid:84344864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481762)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/purchase%20order%20list.pdf.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"176.65.141.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481762/; classtype:trojan-activity;sid:84344862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481763)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/new%20order%20requirement.pdf.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"176.65.141.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481763/; classtype:trojan-activity;sid:84344863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481760)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/my_secret_photo.jpg.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481760/; classtype:trojan-activity;sid:84344860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481761)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/my_secret_photo4.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481761/; classtype:trojan-activity;sid:84344861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481744)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/check222222.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481744/; classtype:trojan-activity;sid:84344844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481745)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/my_secret_photo5.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481745/; classtype:trojan-activity;sid:84344845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481746)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/my_secret_photo3.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481746/; classtype:trojan-activity;sid:84344846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481747)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/my_secret_photo2.jpg.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481747/; classtype:trojan-activity;sid:84344847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481748)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/readme.url"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"5.253.59.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481748/; classtype:trojan-activity;sid:84344848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481749)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/my_photo.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481749/; classtype:trojan-activity;sid:84344849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481750/; classtype:trojan-activity;sid:84344850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481751)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/eassynow.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481751/; classtype:trojan-activity;sid:84344851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481752)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/olala2.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481752/; classtype:trojan-activity;sid:84344852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481753)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/check2.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481753/; classtype:trojan-activity;sid:84344853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481754)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/pure.pdf.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.87.31.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481754/; classtype:trojan-activity;sid:84344854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481755)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/vvverif5.jpg.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481755/; classtype:trojan-activity;sid:84344855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481756)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/vvverif.jpg.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481756/; classtype:trojan-activity;sid:84344856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481757)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/example2.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.103.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481757/; classtype:trojan-activity;sid:84344857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481758)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/olala.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.133.61.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481758/; classtype:trojan-activity;sid:84344858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481759)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/remotelnk.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481759/; classtype:trojan-activity;sid:84344859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481743)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/missing.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.253.59.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481743/; classtype:trojan-activity;sid:84344843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481742)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/invoice.js"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"195.177.94.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481742/; classtype:trojan-activity;sid:84344842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.169.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481741/; classtype:trojan-activity;sid:84344841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.237.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481740/; classtype:trojan-activity;sid:84344840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.16.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481739/; classtype:trojan-activity;sid:84344839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.11.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481738/; classtype:trojan-activity;sid:84344838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.49.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481737/; classtype:trojan-activity;sid:84344837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481736/; classtype:trojan-activity;sid:84344836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481733/; classtype:trojan-activity;sid:84344833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.151.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481734/; classtype:trojan-activity;sid:84344834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.106.105.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481735/; classtype:trojan-activity;sid:84344835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.100.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481730/; classtype:trojan-activity;sid:84344830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.178.250.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481731/; classtype:trojan-activity;sid:84344831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.219.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481732/; classtype:trojan-activity;sid:84344832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.92"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481729/; classtype:trojan-activity;sid:84344829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481728/; classtype:trojan-activity;sid:84344828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.251.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481726/; classtype:trojan-activity;sid:84344826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.145.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481727/; classtype:trojan-activity;sid:84344827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.13.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481725/; classtype:trojan-activity;sid:84344825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481724/; classtype:trojan-activity;sid:84344824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481723/; classtype:trojan-activity;sid:84344823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.8.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481722/; classtype:trojan-activity;sid:84344822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481719)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/softwareupdate1.pdf.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"86.54.42.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481719/; classtype:trojan-activity;sid:84344819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481720)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/softwareupdatemsi.pdf.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"86.54.42.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481720/; classtype:trojan-activity;sid:84344820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481721)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/hmrc_self_1assessment.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"86.54.42.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481721/; classtype:trojan-activity;sid:84344821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.23.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481718/; classtype:trojan-activity;sid:84344818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481717/; classtype:trojan-activity;sid:84344817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481716)"; flow:established,from_client; content:"GET"; http_method; content:"/rabbit/41tkbqsk.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"79.133.46.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481716/; classtype:trojan-activity;sid:84344816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.61.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481715/; classtype:trojan-activity;sid:84344815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481714)"; flow:established,from_client; content:"GET"; http_method; content:"/dtbpfyk9n5.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481714/; classtype:trojan-activity;sid:84344814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481713)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481713/; classtype:trojan-activity;sid:84344813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481695)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481695/; classtype:trojan-activity;sid:84344795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481696)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481696/; classtype:trojan-activity;sid:84344796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481697)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el_softfloat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481697/; classtype:trojan-activity;sid:84344797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481698)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481698/; classtype:trojan-activity;sid:84344798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481699)"; flow:established,from_client; content:"GET"; http_method; content:"/dw.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481699/; classtype:trojan-activity;sid:84344799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481700)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481700/; classtype:trojan-activity;sid:84344800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481701)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481701/; classtype:trojan-activity;sid:84344801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481702)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481702/; classtype:trojan-activity;sid:84344802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481703)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481703/; classtype:trojan-activity;sid:84344803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481704)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481704/; classtype:trojan-activity;sid:84344804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481705)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481705/; classtype:trojan-activity;sid:84344805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481706)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481706/; classtype:trojan-activity;sid:84344806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481707)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481707/; classtype:trojan-activity;sid:84344807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481708)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481708/; classtype:trojan-activity;sid:84344808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481709)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481709/; classtype:trojan-activity;sid:84344809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481710)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481710/; classtype:trojan-activity;sid:84344810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481711)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481711/; classtype:trojan-activity;sid:84344811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481712)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.225.31.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481712/; classtype:trojan-activity;sid:84344812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.16.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481694/; classtype:trojan-activity;sid:84344794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.178.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481693/; classtype:trojan-activity;sid:84344793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481692)"; flow:established,from_client; content:"GET"; http_method; content:"/note/setup3956.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"38.180.60.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481692/; classtype:trojan-activity;sid:84344792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481691)"; flow:established,from_client; content:"GET"; http_method; content:"/upd/document_wp160400278.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"38.180.60.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481691/; classtype:trojan-activity;sid:84344791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481690/; classtype:trojan-activity;sid:84344790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481687)"; flow:established,from_client; content:"GET"; http_method; content:"/2bonida%20unterlagen%20schweiz.js"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"196.251.117.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481687/; classtype:trojan-activity;sid:84344787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481688)"; flow:established,from_client; content:"GET"; http_method; content:"/a.cmd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.117.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481688/; classtype:trojan-activity;sid:84344788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481689)"; flow:established,from_client; content:"GET"; http_method; content:"/bonida%20unterlagen%20schweiz.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.117.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481689/; classtype:trojan-activity;sid:84344789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.228.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481686/; classtype:trojan-activity;sid:84344786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481685)"; flow:established,from_client; content:"GET"; http_method; content:"/bonida/cristian%20rus%20documente%20elvetia.pdf.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"196.251.117.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481685/; classtype:trojan-activity;sid:84344785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.104.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481684/; classtype:trojan-activity;sid:84344784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481672)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/600.ocx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481672/; classtype:trojan-activity;sid:84344772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481673)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9028505.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481673/; classtype:trojan-activity;sid:84344773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481674)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9028502.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481674/; classtype:trojan-activity;sid:84344774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481675)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9028504.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481675/; classtype:trojan-activity;sid:84344775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481676)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/905.ocx"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481676/; classtype:trojan-activity;sid:84344776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481677)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/928391.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481677/; classtype:trojan-activity;sid:84344777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481678)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9283391.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481678/; classtype:trojan-activity;sid:84344778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481679)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9028506.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481679/; classtype:trojan-activity;sid:84344779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481680)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/1200.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481680/; classtype:trojan-activity;sid:84344780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481681)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285026.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481681/; classtype:trojan-activity;sid:84344781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481682)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9028501.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481682/; classtype:trojan-activity;sid:84344782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481683)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/521512.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"70.34.220.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481683/; classtype:trojan-activity;sid:84344783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481670)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav/b3b2a77e-6c41-43e5-8e6d-8db5a4fda166/gdpr-notice_of_default-totalenergies-032025.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"3.120.246.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481670/; classtype:trojan-activity;sid:84344770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481671)"; flow:established,from_client; content:"GET"; http_method; content:"/webdav/b3b2a77e-6c41-43e5-8e6d-8db5a4fda166/gdpr%20-%20notice%20of%20default%20-%20totalenergies%20-%20032025.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"3.120.246.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481671/; classtype:trojan-activity;sid:84344771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.61.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481668/; classtype:trojan-activity;sid:84344768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.38.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481669/; classtype:trojan-activity;sid:84344769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481663)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285025.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481663/; classtype:trojan-activity;sid:84344763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481664)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285022.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481664/; classtype:trojan-activity;sid:84344764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481665)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285022.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481665/; classtype:trojan-activity;sid:84344765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481666)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285021.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481666/; classtype:trojan-activity;sid:84344766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481667)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285021.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481667/; classtype:trojan-activity;sid:84344767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481662)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285022.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481662/; classtype:trojan-activity;sid:84344762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481661)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285021.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481661/; classtype:trojan-activity;sid:84344761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481660)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285025.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481660/; classtype:trojan-activity;sid:84344760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481659)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285026.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481659/; classtype:trojan-activity;sid:84344759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481658)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285026.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481658/; classtype:trojan-activity;sid:84344758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481657)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9283391.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481657/; classtype:trojan-activity;sid:84344757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481656)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9283391.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481656/; classtype:trojan-activity;sid:84344756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481655)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/reference_0251.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481655/; classtype:trojan-activity;sid:84344755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481654)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/reference_0252.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481654/; classtype:trojan-activity;sid:84344754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481651)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/reference_0252.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481651/; classtype:trojan-activity;sid:84344751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481652)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/reference_0251.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cloudydrive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481652/; classtype:trojan-activity;sid:84344752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481653)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285026.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481653/; classtype:trojan-activity;sid:84344753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481649)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/90285025.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sharings.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481649/; classtype:trojan-activity;sid:84344749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481650)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/9283391.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481650/; classtype:trojan-activity;sid:84344750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481648)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/reference_0251.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481648/; classtype:trojan-activity;sid:84344748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481647)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/reference_0252.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481647/; classtype:trojan-activity;sid:84344747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.127.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481646/; classtype:trojan-activity;sid:84344746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.30.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481645/; classtype:trojan-activity;sid:84344745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.5.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481644/; classtype:trojan-activity;sid:84344744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481643/; classtype:trojan-activity;sid:84344743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481637/; classtype:trojan-activity;sid:84344737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481638)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481638/; classtype:trojan-activity;sid:84344738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481639)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481639/; classtype:trojan-activity;sid:84344739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481640/; classtype:trojan-activity;sid:84344740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481641/; classtype:trojan-activity;sid:84344741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481642/; classtype:trojan-activity;sid:84344742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481632/; classtype:trojan-activity;sid:84344732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481633/; classtype:trojan-activity;sid:84344733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481634/; classtype:trojan-activity;sid:84344734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481635/; classtype:trojan-activity;sid:84344735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.94.235.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481636/; classtype:trojan-activity;sid:84344736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.232.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481630/; classtype:trojan-activity;sid:84344730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.61.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481631/; classtype:trojan-activity;sid:84344731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.163.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481629/; classtype:trojan-activity;sid:84344729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.151.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481628/; classtype:trojan-activity;sid:84344728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481627/; classtype:trojan-activity;sid:84344727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.104.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481626/; classtype:trojan-activity;sid:84344726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.242.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481625/; classtype:trojan-activity;sid:84344725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.18.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481624/; classtype:trojan-activity;sid:84344724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.51.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481622/; classtype:trojan-activity;sid:84344722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.37.155.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481623/; classtype:trojan-activity;sid:84344723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.165.14.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481621/; classtype:trojan-activity;sid:84344721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.184.50.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481616/; classtype:trojan-activity;sid:84344716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.219.245.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481617/; classtype:trojan-activity;sid:84344717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.220.87.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481618/; classtype:trojan-activity;sid:84344718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.44.131.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481619/; classtype:trojan-activity;sid:84344719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.220.29.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481620/; classtype:trojan-activity;sid:84344720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481604/; classtype:trojan-activity;sid:84344704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"143.208.184.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481605/; classtype:trojan-activity;sid:84344705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.75.168.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481606/; classtype:trojan-activity;sid:84344706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.167.166.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481607/; classtype:trojan-activity;sid:84344707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.226.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481608/; classtype:trojan-activity;sid:84344708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.33.77.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481609/; classtype:trojan-activity;sid:84344709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.103.130.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481610/; classtype:trojan-activity;sid:84344710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481611/; classtype:trojan-activity;sid:84344711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.43.146.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481612/; classtype:trojan-activity;sid:84344712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.48.228.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481613/; classtype:trojan-activity;sid:84344713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.117.30.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481614/; classtype:trojan-activity;sid:84344714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.97.170.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481615/; classtype:trojan-activity;sid:84344715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.48.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481601/; classtype:trojan-activity;sid:84344701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.238.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481602/; classtype:trojan-activity;sid:84344702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.159.106.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481603/; classtype:trojan-activity;sid:84344703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.114.157.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481599/; classtype:trojan-activity;sid:84344699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481600/; classtype:trojan-activity;sid:84344700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.251.153.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481598/; classtype:trojan-activity;sid:84344698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481597/; classtype:trojan-activity;sid:84344697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.124.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481596/; classtype:trojan-activity;sid:84344696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481595)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.162.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481595/; classtype:trojan-activity;sid:84344695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.93.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481594/; classtype:trojan-activity;sid:84344694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481589)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.42.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481589/; classtype:trojan-activity;sid:84344689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481590)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.75.200.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481590/; classtype:trojan-activity;sid:84344690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.107.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481591/; classtype:trojan-activity;sid:84344691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481592)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.62.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481592/; classtype:trojan-activity;sid:84344692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481593)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.76.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481593/; classtype:trojan-activity;sid:84344693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481574)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.168.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481574/; classtype:trojan-activity;sid:84344674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481575)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.142.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481575/; classtype:trojan-activity;sid:84344675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481576)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.117.40.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481576/; classtype:trojan-activity;sid:84344676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481577)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"152.173.209.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481577/; classtype:trojan-activity;sid:84344677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481578)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.119.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481578/; classtype:trojan-activity;sid:84344678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481579)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.65.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481579/; classtype:trojan-activity;sid:84344679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.65.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481580/; classtype:trojan-activity;sid:84344680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481581)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.23.170.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481581/; classtype:trojan-activity;sid:84344681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.64.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481582/; classtype:trojan-activity;sid:84344682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481583)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.64.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481583/; classtype:trojan-activity;sid:84344683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.146.64.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481584/; classtype:trojan-activity;sid:84344684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"180.21.67.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481585/; classtype:trojan-activity;sid:84344685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.10.212.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481586/; classtype:trojan-activity;sid:84344686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.88.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481587/; classtype:trojan-activity;sid:84344687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481588)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.23.170.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481588/; classtype:trojan-activity;sid:84344688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.154.81.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481570/; classtype:trojan-activity;sid:84344670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481571)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.136.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481571/; classtype:trojan-activity;sid:84344671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481572)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.142.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481572/; classtype:trojan-activity;sid:84344672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.182.114.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481573/; classtype:trojan-activity;sid:84344673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481567)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.158.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481567/; classtype:trojan-activity;sid:84344667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481568)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.34.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481568/; classtype:trojan-activity;sid:84344668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481569)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.169.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481569/; classtype:trojan-activity;sid:84344669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481565)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.133.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481565/; classtype:trojan-activity;sid:84344665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481566)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.133.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481566/; classtype:trojan-activity;sid:84344666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.232.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481564/; classtype:trojan-activity;sid:84344664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.147.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481563/; classtype:trojan-activity;sid:84344663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.151.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481562/; classtype:trojan-activity;sid:84344662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.61.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481561/; classtype:trojan-activity;sid:84344661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.83.16.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481560/; classtype:trojan-activity;sid:84344660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481558/; classtype:trojan-activity;sid:84344658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.63.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481559/; classtype:trojan-activity;sid:84344659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.163.221.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481557/; classtype:trojan-activity;sid:84344657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.6.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481556/; classtype:trojan-activity;sid:84344656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.243.225.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481555/; classtype:trojan-activity;sid:84344655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481554)"; flow:established,from_client; content:"GET"; http_method; content:"/ommtiz4z00.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481554/; classtype:trojan-activity;sid:84344654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481553/; classtype:trojan-activity;sid:84344653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.33.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481551/; classtype:trojan-activity;sid:84344651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.243.225.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481552/; classtype:trojan-activity;sid:84344652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481550/; classtype:trojan-activity;sid:84344650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.177.151.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481549/; classtype:trojan-activity;sid:84344649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.133.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481548/; classtype:trojan-activity;sid:84344648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.154.81.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481547/; classtype:trojan-activity;sid:84344647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.177.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481546/; classtype:trojan-activity;sid:84344646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.6.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481545/; classtype:trojan-activity;sid:84344645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.184.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481544/; classtype:trojan-activity;sid:84344644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481543/; classtype:trojan-activity;sid:84344643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.200.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481542/; classtype:trojan-activity;sid:84344642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.116.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481541/; classtype:trojan-activity;sid:84344641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481540/; classtype:trojan-activity;sid:84344640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.24.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481539/; classtype:trojan-activity;sid:84344639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481538/; classtype:trojan-activity;sid:84344638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.56.12.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481536/; classtype:trojan-activity;sid:84344636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.225.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481537/; classtype:trojan-activity;sid:84344637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481535/; classtype:trojan-activity;sid:84344635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.248.12.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481534/; classtype:trojan-activity;sid:84344634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.163.221.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481533/; classtype:trojan-activity;sid:84344633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.232.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481532/; classtype:trojan-activity;sid:84344632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481531/; classtype:trojan-activity;sid:84344631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.216.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481530/; classtype:trojan-activity;sid:84344630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.133.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481529/; classtype:trojan-activity;sid:84344629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.89.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481528/; classtype:trojan-activity;sid:84344628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.124.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481527/; classtype:trojan-activity;sid:84344627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.55.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481526/; classtype:trojan-activity;sid:84344626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.184.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481525/; classtype:trojan-activity;sid:84344625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481524/; classtype:trojan-activity;sid:84344624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.30.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481523/; classtype:trojan-activity;sid:84344623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.216.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481522/; classtype:trojan-activity;sid:84344622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.159.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481521/; classtype:trojan-activity;sid:84344621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481519/; classtype:trojan-activity;sid:84344619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.122.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481520/; classtype:trojan-activity;sid:84344620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481518)"; flow:established,from_client; content:"GET"; http_method; content:"/bwgqx9ytyv.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481518/; classtype:trojan-activity;sid:84344618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481517/; classtype:trojan-activity;sid:84344617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481515/; classtype:trojan-activity;sid:84344615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.55.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481516/; classtype:trojan-activity;sid:84344616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.100.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481514/; classtype:trojan-activity;sid:84344614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.8.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481513/; classtype:trojan-activity;sid:84344613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.221.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481512/; classtype:trojan-activity;sid:84344612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.113.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481511/; classtype:trojan-activity;sid:84344611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.140.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481510/; classtype:trojan-activity;sid:84344610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.180.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481509/; classtype:trojan-activity;sid:84344609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.183.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481508/; classtype:trojan-activity;sid:84344608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.255.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481507/; classtype:trojan-activity;sid:84344607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481506/; classtype:trojan-activity;sid:84344606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.86.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481505/; classtype:trojan-activity;sid:84344605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481504/; classtype:trojan-activity;sid:84344604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.40.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481503/; classtype:trojan-activity;sid:84344603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.82.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481502/; classtype:trojan-activity;sid:84344602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.221.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481501/; classtype:trojan-activity;sid:84344601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.113.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481500/; classtype:trojan-activity;sid:84344600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.240.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481499/; classtype:trojan-activity;sid:84344599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.42.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481498/; classtype:trojan-activity;sid:84344598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.89.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481497/; classtype:trojan-activity;sid:84344597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.100.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481496/; classtype:trojan-activity;sid:84344596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481495/; classtype:trojan-activity;sid:84344595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.82.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481494/; classtype:trojan-activity;sid:84344594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.86.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481493/; classtype:trojan-activity;sid:84344593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.202.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481492/; classtype:trojan-activity;sid:84344592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.240.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481491/; classtype:trojan-activity;sid:84344591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481490)"; flow:established,from_client; content:"GET"; http_method; content:"/di0j15lug9.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481490/; classtype:trojan-activity;sid:84344590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481489/; classtype:trojan-activity;sid:84344589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.73.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481488/; classtype:trojan-activity;sid:84344588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481487)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"exchange.tuckx.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481487/; classtype:trojan-activity;sid:84344587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.196.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481486/; classtype:trojan-activity;sid:84344586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.218.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481485/; classtype:trojan-activity;sid:84344585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.196.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481484/; classtype:trojan-activity;sid:84344584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.103.190.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481482/; classtype:trojan-activity;sid:84344582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.66.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481483/; classtype:trojan-activity;sid:84344583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.90.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481481/; classtype:trojan-activity;sid:84344581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.245.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481480/; classtype:trojan-activity;sid:84344580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.192.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481479/; classtype:trojan-activity;sid:84344579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.175.115.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481478/; classtype:trojan-activity;sid:84344578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481477)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.opie6.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481477/; classtype:trojan-activity;sid:84344577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481475/; classtype:trojan-activity;sid:84344575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481476/; classtype:trojan-activity;sid:84344576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.11.64.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481474/; classtype:trojan-activity;sid:84344574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.106.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481473/; classtype:trojan-activity;sid:84344573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.190.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481472/; classtype:trojan-activity;sid:84344572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.245.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481471/; classtype:trojan-activity;sid:84344571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481470/; classtype:trojan-activity;sid:84344570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481469)"; flow:established,from_client; content:"GET"; http_method; content:"/gkfn4qv15m.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481469/; classtype:trojan-activity;sid:84344569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481466)"; flow:established,from_client; content:"GET"; http_method; content:"/sign-in|3f|op_token=zxj81egvvyxv0ackyaqounlo3mm9it2qznk5un3prm3bpcmgscwf1dghvcml6zroaahr0chm6ly9hzg1pbi5ib29raw5nlmnvbs8qonsiyxv0af9hdhrlbxb0x2lkijoiyjezzgnlmjqtmgm5os00yjjllthiogutnji0njlln2y1zgq5in0yk1lhoetpzgcwyxpls1n1og5vz25uq3psci1mykt5txfxavnwannsmjv4wnm6bfmyntzcbgnvzguqezcsipujlk4nogbcafjd1nxosdi"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"booking.itemsidguest.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481466/; classtype:trojan-activity;sid:84344566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481467)"; flow:established,from_client; content:"GET"; http_method; content:"/nxrjhphn5lcldcrr.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kernel-alt-v3.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481467/; classtype:trojan-activity;sid:84344567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481468)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"kernel-alt-v3.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481468/; classtype:trojan-activity;sid:84344568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481464)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booking.itemsidguest.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481464/; classtype:trojan-activity;sid:84344564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481465)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"itemsidguest.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481465/; classtype:trojan-activity;sid:84344565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481462/; classtype:trojan-activity;sid:84344562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.218.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481463/; classtype:trojan-activity;sid:84344563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481461/; classtype:trojan-activity;sid:84344561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.200.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481460/; classtype:trojan-activity;sid:84344560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.228.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481459/; classtype:trojan-activity;sid:84344559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.115.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481458/; classtype:trojan-activity;sid:84344558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481457/; classtype:trojan-activity;sid:84344557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.152.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481456/; classtype:trojan-activity;sid:84344556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481455/; classtype:trojan-activity;sid:84344555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.11.64.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481454/; classtype:trojan-activity;sid:84344554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.170.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481453/; classtype:trojan-activity;sid:84344553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.167.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481452/; classtype:trojan-activity;sid:84344552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.132.19.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481451/; classtype:trojan-activity;sid:84344551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.231.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481450/; classtype:trojan-activity;sid:84344550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.132.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481449/; classtype:trojan-activity;sid:84344549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.81.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481448/; classtype:trojan-activity;sid:84344548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.31.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481447/; classtype:trojan-activity;sid:84344547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.152.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481446/; classtype:trojan-activity;sid:84344546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.50.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481445/; classtype:trojan-activity;sid:84344545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481444/; classtype:trojan-activity;sid:84344544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481443)"; flow:established,from_client; content:"GET"; http_method; content:"/lvzx8k08ao.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481443/; classtype:trojan-activity;sid:84344543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.81.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481442/; classtype:trojan-activity;sid:84344542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.231.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481441/; classtype:trojan-activity;sid:84344541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.31.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481440/; classtype:trojan-activity;sid:84344540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.217.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481439/; classtype:trojan-activity;sid:84344539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.37.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481438/; classtype:trojan-activity;sid:84344538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.42.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481437/; classtype:trojan-activity;sid:84344537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.80.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481436/; classtype:trojan-activity;sid:84344536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.50.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481434/; classtype:trojan-activity;sid:84344534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481435/; classtype:trojan-activity;sid:84344535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.246.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481433/; classtype:trojan-activity;sid:84344533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.83.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481432/; classtype:trojan-activity;sid:84344532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.100.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481431/; classtype:trojan-activity;sid:84344531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.37.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481430/; classtype:trojan-activity;sid:84344530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481429/; classtype:trojan-activity;sid:84344529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.80.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481428/; classtype:trojan-activity;sid:84344528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481427/; classtype:trojan-activity;sid:84344527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.252.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481426/; classtype:trojan-activity;sid:84344526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.25.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481425/; classtype:trojan-activity;sid:84344525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.179.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481424/; classtype:trojan-activity;sid:84344524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.49.178.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481420/; classtype:trojan-activity;sid:84344520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.3.158.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481421/; classtype:trojan-activity;sid:84344521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.152.241.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481422/; classtype:trojan-activity;sid:84344522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.22.160.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481423/; classtype:trojan-activity;sid:84344523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.197.112.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481419/; classtype:trojan-activity;sid:84344519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.55.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481418/; classtype:trojan-activity;sid:84344518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.63.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481417/; classtype:trojan-activity;sid:84344517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481416/; classtype:trojan-activity;sid:84344516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.55.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481415/; classtype:trojan-activity;sid:84344515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.219.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481413/; classtype:trojan-activity;sid:84344513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481414/; classtype:trojan-activity;sid:84344514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.148.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481410/; classtype:trojan-activity;sid:84344510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481411/; classtype:trojan-activity;sid:84344511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.178.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481412/; classtype:trojan-activity;sid:84344512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481409/; classtype:trojan-activity;sid:84344509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481408/; classtype:trojan-activity;sid:84344508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481407)"; flow:established,from_client; content:"GET"; http_method; content:"/dnlqquzcxd.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481407/; classtype:trojan-activity;sid:84344507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.180.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481406/; classtype:trojan-activity;sid:84344506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.105.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481405/; classtype:trojan-activity;sid:84344505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.179.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481404/; classtype:trojan-activity;sid:84344504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.29.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481403/; classtype:trojan-activity;sid:84344503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481402/; classtype:trojan-activity;sid:84344502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.252.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481401/; classtype:trojan-activity;sid:84344501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.237.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481400/; classtype:trojan-activity;sid:84344500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.105.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481398/; classtype:trojan-activity;sid:84344498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.76.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481399/; classtype:trojan-activity;sid:84344499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.91.173.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481396/; classtype:trojan-activity;sid:84344496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.50.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481397/; classtype:trojan-activity;sid:84344497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.236.148.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481395/; classtype:trojan-activity;sid:84344495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.29.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481394/; classtype:trojan-activity;sid:84344494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481393/; classtype:trojan-activity;sid:84344493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.100.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481392/; classtype:trojan-activity;sid:84344492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481391/; classtype:trojan-activity;sid:84344491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481390/; classtype:trojan-activity;sid:84344490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.188.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481389/; classtype:trojan-activity;sid:84344489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.171.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481388/; classtype:trojan-activity;sid:84344488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.237.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481387/; classtype:trojan-activity;sid:84344487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.236.148.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481386/; classtype:trojan-activity;sid:84344486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.76.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481385/; classtype:trojan-activity;sid:84344485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481384)"; flow:established,from_client; content:"GET"; http_method; content:"/cpi15aoetg.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481384/; classtype:trojan-activity;sid:84344484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481383)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.abye7.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481383/; classtype:trojan-activity;sid:84344483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.138.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481382/; classtype:trojan-activity;sid:84344482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.188.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481381/; classtype:trojan-activity;sid:84344481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.27.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481380/; classtype:trojan-activity;sid:84344480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.185.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481379/; classtype:trojan-activity;sid:84344479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481378/; classtype:trojan-activity;sid:84344478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.171.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481377/; classtype:trojan-activity;sid:84344477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481376/; classtype:trojan-activity;sid:84344476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.172.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481375/; classtype:trojan-activity;sid:84344475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.235.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481374/; classtype:trojan-activity;sid:84344474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.155.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481373/; classtype:trojan-activity;sid:84344473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481372/; classtype:trojan-activity;sid:84344472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.17.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481371/; classtype:trojan-activity;sid:84344471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.250.17.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481370/; classtype:trojan-activity;sid:84344470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481369)"; flow:established,from_client; content:"GET"; http_method; content:"/25uy9cdsx6.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481369/; classtype:trojan-activity;sid:84344469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.155.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481368/; classtype:trojan-activity;sid:84344468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481367/; classtype:trojan-activity;sid:84344467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.194.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481366/; classtype:trojan-activity;sid:84344466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.221.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481365/; classtype:trojan-activity;sid:84344465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.9.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481364/; classtype:trojan-activity;sid:84344464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.232.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481363/; classtype:trojan-activity;sid:84344463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481362)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"training.preschoolproblems.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481362/; classtype:trojan-activity;sid:84344462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.221.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481361/; classtype:trojan-activity;sid:84344461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.148.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481360/; classtype:trojan-activity;sid:84344460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.180.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481359/; classtype:trojan-activity;sid:84344459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.159.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481358/; classtype:trojan-activity;sid:84344458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.94.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481357/; classtype:trojan-activity;sid:84344457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.194.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481356/; classtype:trojan-activity;sid:84344456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.159.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481355/; classtype:trojan-activity;sid:84344455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.9.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481354/; classtype:trojan-activity;sid:84344454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.31.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481353/; classtype:trojan-activity;sid:84344453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481352)"; flow:established,from_client; content:"GET"; http_method; content:"/tx8vxzdl7g.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481352/; classtype:trojan-activity;sid:84344452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.148.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481351/; classtype:trojan-activity;sid:84344451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.31.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481350/; classtype:trojan-activity;sid:84344450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.106.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481349/; classtype:trojan-activity;sid:84344449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.132.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481348/; classtype:trojan-activity;sid:84344448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.94.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481346/; classtype:trojan-activity;sid:84344446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.179.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481347/; classtype:trojan-activity;sid:84344447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.244.65.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481345/; classtype:trojan-activity;sid:84344445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.60.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481342/; classtype:trojan-activity;sid:84344442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.61.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481343/; classtype:trojan-activity;sid:84344443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.0.111"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481341/; classtype:trojan-activity;sid:84344441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.39.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481340/; classtype:trojan-activity;sid:84344440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.75.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481339/; classtype:trojan-activity;sid:84344439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.245.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481337/; classtype:trojan-activity;sid:84344437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.61.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481338/; classtype:trojan-activity;sid:84344438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.60.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481336/; classtype:trojan-activity;sid:84344436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.65.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481335/; classtype:trojan-activity;sid:84344435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.109.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481334/; classtype:trojan-activity;sid:84344434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.208.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481333/; classtype:trojan-activity;sid:84344433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481332)"; flow:established,from_client; content:"GET"; http_method; content:"/n/url/uploads/my.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"elaajsupport.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481332/; classtype:trojan-activity;sid:84344432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481330)"; flow:established,from_client; content:"GET"; http_method; content:"/n/url/uploads/ad.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"elaajsupport.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481330/; classtype:trojan-activity;sid:84344430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481331)"; flow:established,from_client; content:"GET"; http_method; content:"/n/url/uploads/cl.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"elaajsupport.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481331/; classtype:trojan-activity;sid:84344431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.39.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481329/; classtype:trojan-activity;sid:84344429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481328)"; flow:established,from_client; content:"GET"; http_method; content:"/cranvortex2002/fortnite-external-cheat/releases/download/download/loader.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481328/; classtype:trojan-activity;sid:84344428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481327)"; flow:established,from_client; content:"GET"; http_method; content:"/totwinchester913/fortnite-cheat-vane.cc/releases/download/download/loader.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481327/; classtype:trojan-activity;sid:84344427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481326)"; flow:established,from_client; content:"GET"; http_method; content:"/mrtik9090/tuneskit_spotify_music_converter_crack/releases/download/3.1.9/tuneskit-spotify-music-converter-crack-3.1.9.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481326/; classtype:trojan-activity;sid:84344426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481324)"; flow:established,from_client; content:"GET"; http_method; content:"/mouad105/mobiledit-forensic-express-pro-free/releases/download/v1.5.8/mobiledit-forensic-express-pro-free-v1.5.8.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481324/; classtype:trojan-activity;sid:84344424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481325)"; flow:established,from_client; content:"GET"; http_method; content:"/apple.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hostingcloud.tech"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481325/; classtype:trojan-activity;sid:84344425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19263418/len.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481321/; classtype:trojan-activity;sid:84344421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481322)"; flow:established,from_client; content:"GET"; http_method; content:"/load/xclient.vbs"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"122c.mosco.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481322/; classtype:trojan-activity;sid:84344422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481323)"; flow:established,from_client; content:"GET"; http_method; content:"/electrum.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"electrum.org.ph"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481323/; classtype:trojan-activity;sid:84344423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481319)"; flow:established,from_client; content:"GET"; http_method; content:"/duramax69/learning-gorm/releases/download/v1.0/soft.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481319/; classtype:trojan-activity;sid:84344419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.72.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481320/; classtype:trojan-activity;sid:84344420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.75.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481318/; classtype:trojan-activity;sid:84344418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481317)"; flow:established,from_client; content:"GET"; http_method; content:"/38xbljpbqa.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481317/; classtype:trojan-activity;sid:84344417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481316/; classtype:trojan-activity;sid:84344416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.244.74.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481315/; classtype:trojan-activity;sid:84344415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.8.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481314/; classtype:trojan-activity;sid:84344414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.245.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481312/; classtype:trojan-activity;sid:84344412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.253.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481313/; classtype:trojan-activity;sid:84344413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.229.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481311/; classtype:trojan-activity;sid:84344411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.208.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481310/; classtype:trojan-activity;sid:84344410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.229.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481309/; classtype:trojan-activity;sid:84344409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.143.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481308/; classtype:trojan-activity;sid:84344408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.48.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481307/; classtype:trojan-activity;sid:84344407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481306)"; flow:established,from_client; content:"GET"; http_method; content:"/test/mio.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"96.9.210.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481306/; classtype:trojan-activity;sid:84344406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.253.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481305/; classtype:trojan-activity;sid:84344405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481303)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ad.js"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"invoice-docs-file.site"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481303/; classtype:trojan-activity;sid:84344403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481304)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/g2m.dll"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"invoice-docs-file.site"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481304/; classtype:trojan-activity;sid:84344404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481302)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/file.js"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"invoice-docs-file.site"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481302/; classtype:trojan-activity;sid:84344402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.229.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481301/; classtype:trojan-activity;sid:84344401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.219.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481300/; classtype:trojan-activity;sid:84344400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.143.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481299/; classtype:trojan-activity;sid:84344399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481298)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/update.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.142.147.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481298/; classtype:trojan-activity;sid:84344398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.48.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481297/; classtype:trojan-activity;sid:84344397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.153.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481296/; classtype:trojan-activity;sid:84344396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481295)"; flow:established,from_client; content:"GET"; http_method; content:"/qf26bnvjuf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481295/; classtype:trojan-activity;sid:84344395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481294/; classtype:trojan-activity;sid:84344394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481293)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/rau.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481293/; classtype:trojan-activity;sid:84344393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481292)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/crypt%20b.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481292/; classtype:trojan-activity;sid:84344392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481291)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/nocrypt.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481291/; classtype:trojan-activity;sid:84344391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481290)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/crypt%20c.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481290/; classtype:trojan-activity;sid:84344390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481289)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/first.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481289/; classtype:trojan-activity;sid:84344389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481285)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/chdisbnted.hta.mp4"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481285/; classtype:trojan-activity;sid:84344385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481286)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/x32_log_seh.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481286/; classtype:trojan-activity;sid:84344386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481287)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/cryptaset2taxist.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481287/; classtype:trojan-activity;sid:84344387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481288)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/crypt%20a%20x64.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481288/; classtype:trojan-activity;sid:84344388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481283)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/chdisbnteded.hta.mp4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481283/; classtype:trojan-activity;sid:84344383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481284)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/x32_log.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481284/; classtype:trojan-activity;sid:84344384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481280)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/crypt%20a%20x32.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481280/; classtype:trojan-activity;sid:84344380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.242.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481281/; classtype:trojan-activity;sid:84344381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481282)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/cpanel.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481282/; classtype:trojan-activity;sid:84344382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481276)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/fyleanon.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481276/; classtype:trojan-activity;sid:84344376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481277)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/faylb.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481277/; classtype:trojan-activity;sid:84344377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481278)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/fayla32.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481278/; classtype:trojan-activity;sid:84344378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481279)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/delelel.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481279/; classtype:trojan-activity;sid:84344379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481270)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/fayla64.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481270/; classtype:trojan-activity;sid:84344370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481271)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/x32_log.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481271/; classtype:trojan-activity;sid:84344371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481272)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/deelel.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481272/; classtype:trojan-activity;sid:84344372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481273)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/faylc.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481273/; classtype:trojan-activity;sid:84344373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481274)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/txt/cpanel.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481274/; classtype:trojan-activity;sid:84344374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481275)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/last.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481275/; classtype:trojan-activity;sid:84344375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481269/; classtype:trojan-activity;sid:84344369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.73.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481268/; classtype:trojan-activity;sid:84344368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481267)"; flow:established,from_client; content:"GET"; http_method; content:"/simpledownload/watcher.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.147.125.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481267/; classtype:trojan-activity;sid:84344367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.109.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481266/; classtype:trojan-activity;sid:84344366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.215.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481265/; classtype:trojan-activity;sid:84344365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.153.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481264/; classtype:trojan-activity;sid:84344364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481263/; classtype:trojan-activity;sid:84344363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.8.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481262/; classtype:trojan-activity;sid:84344362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.73.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481261/; classtype:trojan-activity;sid:84344361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481260/; classtype:trojan-activity;sid:84344360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.129.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481259/; classtype:trojan-activity;sid:84344359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.147.40.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481257/; classtype:trojan-activity;sid:84344357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481258/; classtype:trojan-activity;sid:84344358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481252)"; flow:established,from_client; content:"GET"; http_method; content:"/gacor1945/chosyudstn.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"braindemics.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481252/; classtype:trojan-activity;sid:84344352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481250)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-imported/typed.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"iran-bitumen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481250/; classtype:trojan-activity;sid:84344350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481230)"; flow:established,from_client; content:"GET"; http_method; content:"/confirmm2.com/capcha"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.107.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481230/; classtype:trojan-activity;sid:84344330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.84.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481225/; classtype:trojan-activity;sid:84344325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481224/; classtype:trojan-activity;sid:84344324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.50.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481223/; classtype:trojan-activity;sid:84344323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481222)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chillyhiss.update-checker-status.cc"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481222/; classtype:trojan-activity;sid:84344322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481221)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"chillyhiss.update-checker-status.cc"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481221/; classtype:trojan-activity;sid:84344321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481220)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chillyhiss.update-checker-status.cc"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481220/; classtype:trojan-activity;sid:84344320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.111.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481219/; classtype:trojan-activity;sid:84344319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.161.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481216/; classtype:trojan-activity;sid:84344316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481217/; classtype:trojan-activity;sid:84344317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.229.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481218/; classtype:trojan-activity;sid:84344318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481215/; classtype:trojan-activity;sid:84344315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481214/; classtype:trojan-activity;sid:84344314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.115.89.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481213/; classtype:trojan-activity;sid:84344313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.26.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481211/; classtype:trojan-activity;sid:84344311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.230.66.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481212/; classtype:trojan-activity;sid:84344312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.132.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481210/; classtype:trojan-activity;sid:84344310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481208/; classtype:trojan-activity;sid:84344308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.168.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481209/; classtype:trojan-activity;sid:84344309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481205)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fox-news-checker.cc"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481205/; classtype:trojan-activity;sid:84344305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481206)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"fox-news-checker.cc"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481206/; classtype:trojan-activity;sid:84344306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481207)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"win-network-checker.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481207/; classtype:trojan-activity;sid:84344307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481202)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"utorrent-server-api.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481202/; classtype:trojan-activity;sid:84344302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481203)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"utorrent-server-api.cc"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481203/; classtype:trojan-activity;sid:84344303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481204)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"security-service-api-link.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481204/; classtype:trojan-activity;sid:84344304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481201)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"update-checker-status.cc"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481201/; classtype:trojan-activity;sid:84344301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481200)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"security-service-api-link.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481200/; classtype:trojan-activity;sid:84344300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481197)"; flow:established,from_client; content:"GET"; http_method; content:"/update/tpb-1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481197/; classtype:trojan-activity;sid:84344297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481198)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"microsoft-auth-network.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481198/; classtype:trojan-activity;sid:84344298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481199)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"microsoft-auth-network.cc"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481199/; classtype:trojan-activity;sid:84344299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481195)"; flow:established,from_client; content:"GET"; http_method; content:"/tpbactivetor/tpb-activator-1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"87.121.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481195/; classtype:trojan-activity;sid:84344295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481196)"; flow:established,from_client; content:"GET"; http_method; content:"/1337/torrentold-1.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481196/; classtype:trojan-activity;sid:84344296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481194/; classtype:trojan-activity;sid:84344294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.148.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481193/; classtype:trojan-activity;sid:84344293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.85.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481192/; classtype:trojan-activity;sid:84344292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481191)"; flow:established,from_client; content:"GET"; http_method; content:"/cytnooxn5a.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.tweeddisparity.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481191/; classtype:trojan-activity;sid:84344291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.84.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481190/; classtype:trojan-activity;sid:84344290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.117.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481189/; classtype:trojan-activity;sid:84344289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.161.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481188/; classtype:trojan-activity;sid:84344288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.42.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481187/; classtype:trojan-activity;sid:84344287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.73.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481186/; classtype:trojan-activity;sid:84344286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.162.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481185/; classtype:trojan-activity;sid:84344285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.89.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481184/; classtype:trojan-activity;sid:84344284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481183/; classtype:trojan-activity;sid:84344283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481182/; classtype:trojan-activity;sid:84344282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481181/; classtype:trojan-activity;sid:84344281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.202.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481180/; classtype:trojan-activity;sid:84344280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.44.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481179/; classtype:trojan-activity;sid:84344279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.126.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481178/; classtype:trojan-activity;sid:84344278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.62.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481177/; classtype:trojan-activity;sid:84344277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.145.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481176/; classtype:trojan-activity;sid:84344276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481175)"; flow:established,from_client; content:"GET"; http_method; content:"/oxsjf61gv4.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481175/; classtype:trojan-activity;sid:84344275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.92.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481174/; classtype:trojan-activity;sid:84344274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.44.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481173/; classtype:trojan-activity;sid:84344273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.55.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481172/; classtype:trojan-activity;sid:84344272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.208.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481171/; classtype:trojan-activity;sid:84344271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.60.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481170/; classtype:trojan-activity;sid:84344270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.24.47"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481169/; classtype:trojan-activity;sid:84344269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481168/; classtype:trojan-activity;sid:84344268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.133.219.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481167/; classtype:trojan-activity;sid:84344267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.39.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481166/; classtype:trojan-activity;sid:84344266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.18.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481165/; classtype:trojan-activity;sid:84344265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.188.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481164/; classtype:trojan-activity;sid:84344264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.185.49.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481163/; classtype:trojan-activity;sid:84344263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.185.49.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481162/; classtype:trojan-activity;sid:84344262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.82.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481161/; classtype:trojan-activity;sid:84344261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.60.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481160/; classtype:trojan-activity;sid:84344260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481159)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/blob/main/data.dat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481159/; classtype:trojan-activity;sid:84344259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481158)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/blob/main/start.vbs"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481158/; classtype:trojan-activity;sid:84344258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481156)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/blob/main/system.ps1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481156/; classtype:trojan-activity;sid:84344256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481157)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/blob/main/start.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481157/; classtype:trojan-activity;sid:84344257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481154)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/blob/main/datanew.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481154/; classtype:trojan-activity;sid:84344254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481155)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/blob/main/install.bat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481155/; classtype:trojan-activity;sid:84344255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.124.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481153/; classtype:trojan-activity;sid:84344253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.103.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481152/; classtype:trojan-activity;sid:84344252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.219.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481151/; classtype:trojan-activity;sid:84344251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.145.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481150/; classtype:trojan-activity;sid:84344250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481148)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/refs/heads/main/data.dat"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481148/; classtype:trojan-activity;sid:84344248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481149)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/refs/heads/main/datanew.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481149/; classtype:trojan-activity;sid:84344249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481147)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/refs/heads/main/start.vbs"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481147/; classtype:trojan-activity;sid:84344247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.231.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481145/; classtype:trojan-activity;sid:84344245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.55.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481146/; classtype:trojan-activity;sid:84344246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481144)"; flow:established,from_client; content:"GET"; http_method; content:"/lee-willie/data/refs/heads/main/system.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481144/; classtype:trojan-activity;sid:84344244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.18.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481143/; classtype:trojan-activity;sid:84344243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.188.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481142/; classtype:trojan-activity;sid:84344242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481141)"; flow:established,from_client; content:"GET"; http_method; content:"/tai12uht8k.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481141/; classtype:trojan-activity;sid:84344241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.154.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481140/; classtype:trojan-activity;sid:84344240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.129.51.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481139/; classtype:trojan-activity;sid:84344239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481138)"; flow:established,from_client; content:"GET"; http_method; content:"/6354/70534a410169b51c914e9ac9ca318c73/skidanov2017.pdf"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"2024.sci-hub.se"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481138/; classtype:trojan-activity;sid:84344238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.151.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481137/; classtype:trojan-activity;sid:84344237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.53.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481136/; classtype:trojan-activity;sid:84344236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.103.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481135/; classtype:trojan-activity;sid:84344235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481134/; classtype:trojan-activity;sid:84344234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.124.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481133/; classtype:trojan-activity;sid:84344233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.237.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481132/; classtype:trojan-activity;sid:84344232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481129)"; flow:established,from_client; content:"GET"; http_method; content:"/ladyhaha06/data/blob/main/data.vbs"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481129/; classtype:trojan-activity;sid:84344229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.154.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481130/; classtype:trojan-activity;sid:84344230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481131)"; flow:established,from_client; content:"GET"; http_method; content:"/ladyhaha06/data/blob/main/data.ps1"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481131/; classtype:trojan-activity;sid:84344231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481128)"; flow:established,from_client; content:"GET"; http_method; content:"/ladyhaha06/data/blob/main/install.bat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481128/; classtype:trojan-activity;sid:84344228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481127)"; flow:established,from_client; content:"GET"; http_method; content:"/ladyhaha06/python/archive/refs/heads/main.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481127/; classtype:trojan-activity;sid:84344227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481126)"; flow:established,from_client; content:"GET"; http_method; content:"/kevindark5/taproject/raw/refs/heads/main/startup.vbs"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481126/; classtype:trojan-activity;sid:84344226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481125)"; flow:established,from_client; content:"GET"; http_method; content:"/kevindark5/kakprj/refs/heads/main/kak.ps1"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481125/; classtype:trojan-activity;sid:84344225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481124)"; flow:established,from_client; content:"GET"; http_method; content:"/kevindark5/taproject/raw/refs/heads/main/fileta.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481124/; classtype:trojan-activity;sid:84344224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481123)"; flow:established,from_client; content:"GET"; http_method; content:"/kevindark5/kakprj/refs/heads/main/kak.vbs"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481123/; classtype:trojan-activity;sid:84344223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.153.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481122/; classtype:trojan-activity;sid:84344222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.231.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481121/; classtype:trojan-activity;sid:84344221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481120)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.inea3.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481120/; classtype:trojan-activity;sid:84344220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.18.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481119/; classtype:trojan-activity;sid:84344219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481118)"; flow:established,from_client; content:"GET"; http_method; content:"/gkcxv.google"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"check.qusixoy6.icu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481118/; classtype:trojan-activity;sid:84344218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.20.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481117/; classtype:trojan-activity;sid:84344217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.237.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481116/; classtype:trojan-activity;sid:84344216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.21.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481115/; classtype:trojan-activity;sid:84344215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481114)"; flow:established,from_client; content:"GET"; http_method; content:"/888.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.82.146.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481114/; classtype:trojan-activity;sid:84344214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.240.211.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481113/; classtype:trojan-activity;sid:84344213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481112/; classtype:trojan-activity;sid:84344212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481111/; classtype:trojan-activity;sid:84344211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.44.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481110/; classtype:trojan-activity;sid:84344210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481108/; classtype:trojan-activity;sid:84344208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.141.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481109/; classtype:trojan-activity;sid:84344209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.10.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481107/; classtype:trojan-activity;sid:84344207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.202.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481104/; classtype:trojan-activity;sid:84344204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.17.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481105/; classtype:trojan-activity;sid:84344205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.170.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481106/; classtype:trojan-activity;sid:84344206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.165.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481103/; classtype:trojan-activity;sid:84344203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.153.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481102/; classtype:trojan-activity;sid:84344202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481101/; classtype:trojan-activity;sid:84344201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.99.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481100/; classtype:trojan-activity;sid:84344200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.164.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481099/; classtype:trojan-activity;sid:84344199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481098/; classtype:trojan-activity;sid:84344198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.220.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481097/; classtype:trojan-activity;sid:84344197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.99.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481096/; classtype:trojan-activity;sid:84344196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.253.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481095/; classtype:trojan-activity;sid:84344195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.21.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481094/; classtype:trojan-activity;sid:84344194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.83.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481093/; classtype:trojan-activity;sid:84344193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.90.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481092/; classtype:trojan-activity;sid:84344192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481091)"; flow:established,from_client; content:"GET"; http_method; content:"/css/abx.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"stakloram.rs"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481091/; classtype:trojan-activity;sid:84344191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481090)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xlde2r2o"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481090/; classtype:trojan-activity;sid:84344190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481089)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/03/18/06/902533569.jpg"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481089/; classtype:trojan-activity;sid:84344189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.18.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481087/; classtype:trojan-activity;sid:84344187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.102.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481088/; classtype:trojan-activity;sid:84344188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.83.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481086/; classtype:trojan-activity;sid:84344186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481085/; classtype:trojan-activity;sid:84344185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481084/; classtype:trojan-activity;sid:84344184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481083/; classtype:trojan-activity;sid:84344183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481082/; classtype:trojan-activity;sid:84344182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.79.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481081/; classtype:trojan-activity;sid:84344181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481080)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=tnbo6ug7gwyngcygcp_8flrzjkvqolmlwngar8btcpcryjpeutpa1jt4ph6daec|7c|26|7c|skipreg=true|7c|26|7c|pk_vid=342803d1cc4e3b801742236088b78eb1"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"1019.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481080/; classtype:trojan-activity;sid:84344180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.97.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481079/; classtype:trojan-activity;sid:84344179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481077)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-admin/bpemvyr142.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"planachiever.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481077/; classtype:trojan-activity;sid:84344177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481078)"; flow:established,from_client; content:"GET"; http_method; content:"/admin-admin/belejrers.fla"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"planachiever.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481078/; classtype:trojan-activity;sid:84344178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481076)"; flow:established,from_client; content:"GET"; http_method; content:"/ngeeto/edxuin.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"eficienciaeningenieria.com.mx"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481076/; classtype:trojan-activity;sid:84344176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.138.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481075/; classtype:trojan-activity;sid:84344175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.142.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481074/; classtype:trojan-activity;sid:84344174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.97.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481071/; classtype:trojan-activity;sid:84344171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481072/; classtype:trojan-activity;sid:84344172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481073/; classtype:trojan-activity;sid:84344173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.62.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481070/; classtype:trojan-activity;sid:84344170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.253.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481069/; classtype:trojan-activity;sid:84344169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481067)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.196.9.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481067/; classtype:trojan-activity;sid:84344167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481068)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.196.9.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481068/; classtype:trojan-activity;sid:84344168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.79.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481066/; classtype:trojan-activity;sid:84344166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.194.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481065/; classtype:trojan-activity;sid:84344165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481064/; classtype:trojan-activity;sid:84344164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.215.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481063/; classtype:trojan-activity;sid:84344163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.138.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481061/; classtype:trojan-activity;sid:84344161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.124.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481062/; classtype:trojan-activity;sid:84344162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481060)"; flow:established,from_client; content:"GET"; http_method; content:"/spawn-fcgi-2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"209.38.33.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481060/; classtype:trojan-activity;sid:84344160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481059)"; flow:established,from_client; content:"GET"; http_method; content:"/spawn-fcgi-1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"164.92.190.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481059/; classtype:trojan-activity;sid:84344159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.14.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481058/; classtype:trojan-activity;sid:84344158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481056)"; flow:established,from_client; content:"GET"; http_method; content:"/data"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.92.211.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481056/; classtype:trojan-activity;sid:84344156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481057)"; flow:established,from_client; content:"GET"; http_method; content:"/data"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"134.209.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481057/; classtype:trojan-activity;sid:84344157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.194.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481055/; classtype:trojan-activity;sid:84344155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481054)"; flow:established,from_client; content:"GET"; http_method; content:"/ngbee/ngqabn.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eficienciaeningenieria.com.mx"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481054/; classtype:trojan-activity;sid:84344154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481053)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481053/; classtype:trojan-activity;sid:84344153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.55.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481052/; classtype:trojan-activity;sid:84344152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481051)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481051/; classtype:trojan-activity;sid:84344151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481049)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481049/; classtype:trojan-activity;sid:84344149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481050)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481050/; classtype:trojan-activity;sid:84344150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481041)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481041/; classtype:trojan-activity;sid:84344141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481042)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481042/; classtype:trojan-activity;sid:84344142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481043)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481043/; classtype:trojan-activity;sid:84344143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481044)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481044/; classtype:trojan-activity;sid:84344144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481045)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481045/; classtype:trojan-activity;sid:84344145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481046)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481046/; classtype:trojan-activity;sid:84344146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481047)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481047/; classtype:trojan-activity;sid:84344147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481048)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481048/; classtype:trojan-activity;sid:84344148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.215.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481040/; classtype:trojan-activity;sid:84344140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.156.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481039/; classtype:trojan-activity;sid:84344139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.79.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481038/; classtype:trojan-activity;sid:84344138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481037/; classtype:trojan-activity;sid:84344137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.216.217.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481036/; classtype:trojan-activity;sid:84344136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.198.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481035/; classtype:trojan-activity;sid:84344135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.113.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481034/; classtype:trojan-activity;sid:84344134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481032)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/devil.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481032/; classtype:trojan-activity;sid:84344132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481033)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/dev.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481033/; classtype:trojan-activity;sid:84344133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481031)"; flow:established,from_client; content:"GET"; http_method; content:"/dev/bbelieve.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.144.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481031/; classtype:trojan-activity;sid:84344131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481030)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481030/; classtype:trojan-activity;sid:84344130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481029)"; flow:established,from_client; content:"GET"; http_method; content:"/tty.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.81.68.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481029/; classtype:trojan-activity;sid:84344129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481028)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/seen/verynicewomenformygirlfriend.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"198.46.132.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481028/; classtype:trojan-activity;sid:84344128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.79.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481027/; classtype:trojan-activity;sid:84344127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.154.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481026/; classtype:trojan-activity;sid:84344126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.55.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481025/; classtype:trojan-activity;sid:84344125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481023)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/kk/kko.gif"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481023/; classtype:trojan-activity;sid:84344123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481024)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=xhvdzs_biwil1wfz-fik-jwhut6e4sc9jomscnglozfrapkrqukvol8sgwllmgaxzka|7c|26|7c|pk_vid=342803d1cc4e3b80174118010680a5ef"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"1011.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481024/; classtype:trojan-activity;sid:84344124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481022/; classtype:trojan-activity;sid:84344122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481021/; classtype:trojan-activity;sid:84344121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.237.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481019/; classtype:trojan-activity;sid:84344119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.24.129.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481020/; classtype:trojan-activity;sid:84344120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.95.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481018/; classtype:trojan-activity;sid:84344118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.145.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481017/; classtype:trojan-activity;sid:84344117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.140.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481016/; classtype:trojan-activity;sid:84344116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.192.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481015/; classtype:trojan-activity;sid:84344115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.143.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481014/; classtype:trojan-activity;sid:84344114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.111.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481013/; classtype:trojan-activity;sid:84344113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.88.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481012/; classtype:trojan-activity;sid:84344112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.154.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481011/; classtype:trojan-activity;sid:84344111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481007)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481007/; classtype:trojan-activity;sid:84344107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.85.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481008/; classtype:trojan-activity;sid:84344108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481009)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.251.115.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481009/; classtype:trojan-activity;sid:84344109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.87.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481010/; classtype:trojan-activity;sid:84344110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.189.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481006/; classtype:trojan-activity;sid:84344106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481005/; classtype:trojan-activity;sid:84344105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.24.129.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481004/; classtype:trojan-activity;sid:84344104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481003/; classtype:trojan-activity;sid:84344103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.62.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481002/; classtype:trojan-activity;sid:84344102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.116.103.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481001/; classtype:trojan-activity;sid:84344101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481000/; classtype:trojan-activity;sid:84344100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.237.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480999/; classtype:trojan-activity;sid:84344099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.36.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480997/; classtype:trojan-activity;sid:84344097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.198.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480998/; classtype:trojan-activity;sid:84344098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.145.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480996/; classtype:trojan-activity;sid:84344096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.95.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480995/; classtype:trojan-activity;sid:84344095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.143.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480994/; classtype:trojan-activity;sid:84344094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480993/; classtype:trojan-activity;sid:84344093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.129.51.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480992/; classtype:trojan-activity;sid:84344092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.189.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480991/; classtype:trojan-activity;sid:84344091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.88.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480990/; classtype:trojan-activity;sid:84344090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.45.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480989/; classtype:trojan-activity;sid:84344089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480988/; classtype:trojan-activity;sid:84344088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.49.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480987/; classtype:trojan-activity;sid:84344087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.138.12.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480986/; classtype:trojan-activity;sid:84344086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.5.1.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480985/; classtype:trojan-activity;sid:84344085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.108.24.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480984/; classtype:trojan-activity;sid:84344084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.93.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480981/; classtype:trojan-activity;sid:84344081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.8.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480982/; classtype:trojan-activity;sid:84344082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.195.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480983/; classtype:trojan-activity;sid:84344083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.40.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480980/; classtype:trojan-activity;sid:84344080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.144.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480979/; classtype:trojan-activity;sid:84344079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.85.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480978/; classtype:trojan-activity;sid:84344078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.36.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480977/; classtype:trojan-activity;sid:84344077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.62.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480976/; classtype:trojan-activity;sid:84344076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.191.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480975/; classtype:trojan-activity;sid:84344075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.221.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480974/; classtype:trojan-activity;sid:84344074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.49.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480973/; classtype:trojan-activity;sid:84344073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480972/; classtype:trojan-activity;sid:84344072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.91.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480971/; classtype:trojan-activity;sid:84344071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.99.211.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480970/; classtype:trojan-activity;sid:84344070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.0.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480969/; classtype:trojan-activity;sid:84344069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.167.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480968/; classtype:trojan-activity;sid:84344068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.172.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480967/; classtype:trojan-activity;sid:84344067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.143.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480966/; classtype:trojan-activity;sid:84344066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480965/; classtype:trojan-activity;sid:84344065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.81.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480964/; classtype:trojan-activity;sid:84344064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.191.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480963/; classtype:trojan-activity;sid:84344063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.127.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480961/; classtype:trojan-activity;sid:84344061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.248.37.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480962/; classtype:trojan-activity;sid:84344062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.221.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480960/; classtype:trojan-activity;sid:84344060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480959/; classtype:trojan-activity;sid:84344059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480958/; classtype:trojan-activity;sid:84344058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.91.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480957/; classtype:trojan-activity;sid:84344057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.211.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480956/; classtype:trojan-activity;sid:84344056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480955/; classtype:trojan-activity;sid:84344055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.22.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480954/; classtype:trojan-activity;sid:84344054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.167.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480953/; classtype:trojan-activity;sid:84344053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.81.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480952/; classtype:trojan-activity;sid:84344052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.172.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480951/; classtype:trojan-activity;sid:84344051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480950/; classtype:trojan-activity;sid:84344050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.37.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480949/; classtype:trojan-activity;sid:84344049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.220.138.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480948/; classtype:trojan-activity;sid:84344048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480947/; classtype:trojan-activity;sid:84344047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480946/; classtype:trojan-activity;sid:84344046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.163.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480945/; classtype:trojan-activity;sid:84344045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480944/; classtype:trojan-activity;sid:84344044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.22.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480943/; classtype:trojan-activity;sid:84344043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480942/; classtype:trojan-activity;sid:84344042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.19.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480941/; classtype:trojan-activity;sid:84344041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.151.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480940/; classtype:trojan-activity;sid:84344040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.10.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480939/; classtype:trojan-activity;sid:84344039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.114.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480938/; classtype:trojan-activity;sid:84344038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.87.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480937/; classtype:trojan-activity;sid:84344037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.168.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480936/; classtype:trojan-activity;sid:84344036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.91.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480935/; classtype:trojan-activity;sid:84344035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.105.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480934/; classtype:trojan-activity;sid:84344034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.220.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480933/; classtype:trojan-activity;sid:84344033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480932/; classtype:trojan-activity;sid:84344032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480931/; classtype:trojan-activity;sid:84344031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.80.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480929/; classtype:trojan-activity;sid:84344029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.145.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480930/; classtype:trojan-activity;sid:84344030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.1.24.17"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480928/; classtype:trojan-activity;sid:84344028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.211.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480927/; classtype:trojan-activity;sid:84344027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.29.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480926/; classtype:trojan-activity;sid:84344026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.17.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480925/; classtype:trojan-activity;sid:84344025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.114.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480924/; classtype:trojan-activity;sid:84344024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.33.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480923/; classtype:trojan-activity;sid:84344023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.151.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480922/; classtype:trojan-activity;sid:84344022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.1.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480921/; classtype:trojan-activity;sid:84344021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480920/; classtype:trojan-activity;sid:84344020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.183.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480919/; classtype:trojan-activity;sid:84344019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.161.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480918/; classtype:trojan-activity;sid:84344018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.50.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480917/; classtype:trojan-activity;sid:84344017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.119.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480916/; classtype:trojan-activity;sid:84344016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.122.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480915/; classtype:trojan-activity;sid:84344015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.179.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480914/; classtype:trojan-activity;sid:84344014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480913/; classtype:trojan-activity;sid:84344013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480912/; classtype:trojan-activity;sid:84344012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.33.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480911/; classtype:trojan-activity;sid:84344011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480909/; classtype:trojan-activity;sid:84344009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.180.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480910/; classtype:trojan-activity;sid:84344010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480908/; classtype:trojan-activity;sid:84344008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.84.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480907/; classtype:trojan-activity;sid:84344007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.10.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480905/; classtype:trojan-activity;sid:84344005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.139.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480906/; classtype:trojan-activity;sid:84344006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.1.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480904/; classtype:trojan-activity;sid:84344004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.102.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480903/; classtype:trojan-activity;sid:84344003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.50.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480902/; classtype:trojan-activity;sid:84344002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.194.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480901/; classtype:trojan-activity;sid:84344001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.119.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480900/; classtype:trojan-activity;sid:84344000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.122.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480899/; classtype:trojan-activity;sid:84343999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480897)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480897/; classtype:trojan-activity;sid:84343997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480898)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480898/; classtype:trojan-activity;sid:84343998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480896)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480896/; classtype:trojan-activity;sid:84343996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480895)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480895/; classtype:trojan-activity;sid:84343995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480887)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480887/; classtype:trojan-activity;sid:84343987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480888)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480888/; classtype:trojan-activity;sid:84343988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480889)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480889/; classtype:trojan-activity;sid:84343989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480890)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480890/; classtype:trojan-activity;sid:84343990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480891)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480891/; classtype:trojan-activity;sid:84343991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480892)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480892/; classtype:trojan-activity;sid:84343992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480893)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480893/; classtype:trojan-activity;sid:84343993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480894)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.77.246.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480894/; classtype:trojan-activity;sid:84343994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.80.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480886/; classtype:trojan-activity;sid:84343986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480885/; classtype:trojan-activity;sid:84343985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.179.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480884/; classtype:trojan-activity;sid:84343984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480882/; classtype:trojan-activity;sid:84343982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.87.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480883/; classtype:trojan-activity;sid:84343983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.102.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480881/; classtype:trojan-activity;sid:84343981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.194.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480879/; classtype:trojan-activity;sid:84343979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.66.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480880/; classtype:trojan-activity;sid:84343980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.139.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480878/; classtype:trojan-activity;sid:84343978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480877/; classtype:trojan-activity;sid:84343977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.12.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480876/; classtype:trojan-activity;sid:84343976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480875/; classtype:trojan-activity;sid:84343975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.202.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480874/; classtype:trojan-activity;sid:84343974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.200.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480873/; classtype:trojan-activity;sid:84343973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.135.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480872/; classtype:trojan-activity;sid:84343972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.39.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480871/; classtype:trojan-activity;sid:84343971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.166.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480870/; classtype:trojan-activity;sid:84343970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480869/; classtype:trojan-activity;sid:84343969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.66.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480868/; classtype:trojan-activity;sid:84343968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.127.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480867/; classtype:trojan-activity;sid:84343967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480866/; classtype:trojan-activity;sid:84343966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.194.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480865/; classtype:trojan-activity;sid:84343965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.57.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480864/; classtype:trojan-activity;sid:84343964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480863/; classtype:trojan-activity;sid:84343963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480862/; classtype:trojan-activity;sid:84343962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.92.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480861/; classtype:trojan-activity;sid:84343961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.131.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480860/; classtype:trojan-activity;sid:84343960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.12.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480859/; classtype:trojan-activity;sid:84343959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480858/; classtype:trojan-activity;sid:84343958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.4.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480857/; classtype:trojan-activity;sid:84343957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.147.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480856/; classtype:trojan-activity;sid:84343956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.25.9"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480855/; classtype:trojan-activity;sid:84343955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.39.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480854/; classtype:trojan-activity;sid:84343954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480853/; classtype:trojan-activity;sid:84343953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.135.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480852/; classtype:trojan-activity;sid:84343952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.54.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480851/; classtype:trojan-activity;sid:84343951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.194.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480850/; classtype:trojan-activity;sid:84343950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480849/; classtype:trojan-activity;sid:84343949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.207.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480848/; classtype:trojan-activity;sid:84343948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480847/; classtype:trojan-activity;sid:84343947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480846/; classtype:trojan-activity;sid:84343946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480845/; classtype:trojan-activity;sid:84343945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.255.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480844/; classtype:trojan-activity;sid:84343944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.161.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480843/; classtype:trojan-activity;sid:84343943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.60.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480842/; classtype:trojan-activity;sid:84343942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.45.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480841/; classtype:trojan-activity;sid:84343941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.194.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480840/; classtype:trojan-activity;sid:84343940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.207.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480839/; classtype:trojan-activity;sid:84343939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.24.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480838/; classtype:trojan-activity;sid:84343938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.142.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480837/; classtype:trojan-activity;sid:84343937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.176.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480835/; classtype:trojan-activity;sid:84343935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.245.166.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480836/; classtype:trojan-activity;sid:84343936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.60.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480834/; classtype:trojan-activity;sid:84343934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.156.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480833/; classtype:trojan-activity;sid:84343933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.61.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480832/; classtype:trojan-activity;sid:84343932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480831/; classtype:trojan-activity;sid:84343931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.92.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480830/; classtype:trojan-activity;sid:84343930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.97.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480829/; classtype:trojan-activity;sid:84343929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.40.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480828/; classtype:trojan-activity;sid:84343928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.129.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480827/; classtype:trojan-activity;sid:84343927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.177.97.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480826/; classtype:trojan-activity;sid:84343926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.200.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480825/; classtype:trojan-activity;sid:84343925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.49.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480824/; classtype:trojan-activity;sid:84343924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.62.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480823/; classtype:trojan-activity;sid:84343923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.42.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480822/; classtype:trojan-activity;sid:84343922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.191.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480821/; classtype:trojan-activity;sid:84343921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.232.8.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480820/; classtype:trojan-activity;sid:84343920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480819/; classtype:trojan-activity;sid:84343919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.61.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480818/; classtype:trojan-activity;sid:84343918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.53.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480817/; classtype:trojan-activity;sid:84343917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480816/; classtype:trojan-activity;sid:84343916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.235.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480814/; classtype:trojan-activity;sid:84343914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.40.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480815/; classtype:trojan-activity;sid:84343915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.8.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480813/; classtype:trojan-activity;sid:84343913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.92.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480812/; classtype:trojan-activity;sid:84343912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.13.245"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480811/; classtype:trojan-activity;sid:84343911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.237.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480810/; classtype:trojan-activity;sid:84343910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.104.221.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480809/; classtype:trojan-activity;sid:84343909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.111.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480807/; classtype:trojan-activity;sid:84343907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.177.97.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480808/; classtype:trojan-activity;sid:84343908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.1.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480806/; classtype:trojan-activity;sid:84343906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.62.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480805/; classtype:trojan-activity;sid:84343905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480804/; classtype:trojan-activity;sid:84343904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.142.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480803/; classtype:trojan-activity;sid:84343903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.203.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480802/; classtype:trojan-activity;sid:84343902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.235.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480801/; classtype:trojan-activity;sid:84343901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.19.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480800/; classtype:trojan-activity;sid:84343900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.237.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480799/; classtype:trojan-activity;sid:84343899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.135.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480798/; classtype:trojan-activity;sid:84343898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.104.221.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480795/; classtype:trojan-activity;sid:84343895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.1.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480796/; classtype:trojan-activity;sid:84343896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.49.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480797/; classtype:trojan-activity;sid:84343897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.204.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480794/; classtype:trojan-activity;sid:84343894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.31.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480793/; classtype:trojan-activity;sid:84343893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480792/; classtype:trojan-activity;sid:84343892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.19.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480791/; classtype:trojan-activity;sid:84343891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480790/; classtype:trojan-activity;sid:84343890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.245.2.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480789/; classtype:trojan-activity;sid:84343889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.163.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480788/; classtype:trojan-activity;sid:84343888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480787/; classtype:trojan-activity;sid:84343887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.160.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480786/; classtype:trojan-activity;sid:84343886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480784/; classtype:trojan-activity;sid:84343884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.113.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480785/; classtype:trojan-activity;sid:84343885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480782/; classtype:trojan-activity;sid:84343882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480783/; classtype:trojan-activity;sid:84343883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.142.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480781/; classtype:trojan-activity;sid:84343881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.173.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480780/; classtype:trojan-activity;sid:84343880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480779/; classtype:trojan-activity;sid:84343879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.103.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480778/; classtype:trojan-activity;sid:84343878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480777/; classtype:trojan-activity;sid:84343877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.50.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480776/; classtype:trojan-activity;sid:84343876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.28.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480775/; classtype:trojan-activity;sid:84343875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.130.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480770/; classtype:trojan-activity;sid:84343870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.10.147.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480771/; classtype:trojan-activity;sid:84343871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.172.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480772/; classtype:trojan-activity;sid:84343872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480773/; classtype:trojan-activity;sid:84343873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.43.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480774/; classtype:trojan-activity;sid:84343874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.206.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480767/; classtype:trojan-activity;sid:84343867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480768/; classtype:trojan-activity;sid:84343868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480769/; classtype:trojan-activity;sid:84343869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.72.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480766/; classtype:trojan-activity;sid:84343866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.94.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480765/; classtype:trojan-activity;sid:84343865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480763/; classtype:trojan-activity;sid:84343863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.94.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480764/; classtype:trojan-activity;sid:84343864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480761/; classtype:trojan-activity;sid:84343861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.95.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480762/; classtype:trojan-activity;sid:84343862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480760/; classtype:trojan-activity;sid:84343860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.160.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3480759/; classtype:trojan-activity;sid:84343859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.19.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480758/; classtype:trojan-activity;sid:84343858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.212.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480757/; classtype:trojan-activity;sid:84343857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.214.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480756/; classtype:trojan-activity;sid:84343856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.64.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480754/; classtype:trojan-activity;sid:84343854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.233.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480755/; classtype:trojan-activity;sid:84343855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480753/; classtype:trojan-activity;sid:84343853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.82.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480751/; classtype:trojan-activity;sid:84343851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.104.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480752/; classtype:trojan-activity;sid:84343852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.127.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480750/; classtype:trojan-activity;sid:84343850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480749/; classtype:trojan-activity;sid:84343849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480748/; classtype:trojan-activity;sid:84343848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.173.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480747/; classtype:trojan-activity;sid:84343847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.53.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480746/; classtype:trojan-activity;sid:84343846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480745/; classtype:trojan-activity;sid:84343845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.0.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480744/; classtype:trojan-activity;sid:84343844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.167.94.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480743/; classtype:trojan-activity;sid:84343843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.123.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480742/; classtype:trojan-activity;sid:84343842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.88.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480741/; classtype:trojan-activity;sid:84343841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.43.168.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480740/; classtype:trojan-activity;sid:84343840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.113.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480739/; classtype:trojan-activity;sid:84343839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.216.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480738/; classtype:trojan-activity;sid:84343838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.62.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480735/; classtype:trojan-activity;sid:84343835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480736/; classtype:trojan-activity;sid:84343836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.168.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480737/; classtype:trojan-activity;sid:84343837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.93.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480732/; classtype:trojan-activity;sid:84343832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480733)"; flow:established,from_client; content:"GET"; http_method; content:"/b/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.87.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480733/; classtype:trojan-activity;sid:84343833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.206.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480734/; classtype:trojan-activity;sid:84343834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.1.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480731/; classtype:trojan-activity;sid:84343831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480729/; classtype:trojan-activity;sid:84343829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.82.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480730/; classtype:trojan-activity;sid:84343830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480728/; classtype:trojan-activity;sid:84343828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480727/; classtype:trojan-activity;sid:84343827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480726/; classtype:trojan-activity;sid:84343826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.104.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480724/; classtype:trojan-activity;sid:84343824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480725/; classtype:trojan-activity;sid:84343825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.219.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480723/; classtype:trojan-activity;sid:84343823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.103.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480722/; classtype:trojan-activity;sid:84343822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480721/; classtype:trojan-activity;sid:84343821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.0.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480720/; classtype:trojan-activity;sid:84343820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.167.94.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480719/; classtype:trojan-activity;sid:84343819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480717/; classtype:trojan-activity;sid:84343817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.216.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480718/; classtype:trojan-activity;sid:84343818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.43.168.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480716/; classtype:trojan-activity;sid:84343816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.192.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480715/; classtype:trojan-activity;sid:84343815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.202.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480714/; classtype:trojan-activity;sid:84343814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480713/; classtype:trojan-activity;sid:84343813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.40.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480712/; classtype:trojan-activity;sid:84343812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.88.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480711/; classtype:trojan-activity;sid:84343811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.246.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480710/; classtype:trojan-activity;sid:84343810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480709)"; flow:established,from_client; content:"GET"; http_method; content:"/zborzr7ljj.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480709/; classtype:trojan-activity;sid:84343809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.19.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480708/; classtype:trojan-activity;sid:84343808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.69.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480707/; classtype:trojan-activity;sid:84343807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.53.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480706/; classtype:trojan-activity;sid:84343806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.95.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480705/; classtype:trojan-activity;sid:84343805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.246.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480704/; classtype:trojan-activity;sid:84343804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.95.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480703/; classtype:trojan-activity;sid:84343803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480702/; classtype:trojan-activity;sid:84343802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.89.221.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480701/; classtype:trojan-activity;sid:84343801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.21.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480700/; classtype:trojan-activity;sid:84343800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.69.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480699/; classtype:trojan-activity;sid:84343799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.3.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480698/; classtype:trojan-activity;sid:84343798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.95.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480697/; classtype:trojan-activity;sid:84343797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.236.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480696/; classtype:trojan-activity;sid:84343796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.76.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480695/; classtype:trojan-activity;sid:84343795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.169.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480694/; classtype:trojan-activity;sid:84343794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.49.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480693/; classtype:trojan-activity;sid:84343793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.66.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480692/; classtype:trojan-activity;sid:84343792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.49.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480691/; classtype:trojan-activity;sid:84343791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.42.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480690/; classtype:trojan-activity;sid:84343790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.106.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480689/; classtype:trojan-activity;sid:84343789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.189.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480688/; classtype:trojan-activity;sid:84343788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480687)"; flow:established,from_client; content:"GET"; http_method; content:"/oitpu2xkps.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480687/; classtype:trojan-activity;sid:84343787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.118.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480686/; classtype:trojan-activity;sid:84343786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.24.36.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480685/; classtype:trojan-activity;sid:84343785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.140.81.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480684/; classtype:trojan-activity;sid:84343784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480683/; classtype:trojan-activity;sid:84343783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.189.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480682/; classtype:trojan-activity;sid:84343782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.6.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480681/; classtype:trojan-activity;sid:84343781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.130.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480680/; classtype:trojan-activity;sid:84343780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.6.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480679/; classtype:trojan-activity;sid:84343779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480678/; classtype:trojan-activity;sid:84343778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480677/; classtype:trojan-activity;sid:84343777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.127.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480676/; classtype:trojan-activity;sid:84343776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.49.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480675/; classtype:trojan-activity;sid:84343775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480674)"; flow:established,from_client; content:"GET"; http_method; content:"/resgod.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"104.168.101.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480674/; classtype:trojan-activity;sid:84343774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.130.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480673/; classtype:trojan-activity;sid:84343773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.127.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480672/; classtype:trojan-activity;sid:84343772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.90.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480671/; classtype:trojan-activity;sid:84343771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480669/; classtype:trojan-activity;sid:84343769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.31.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480670/; classtype:trojan-activity;sid:84343770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.1.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480668/; classtype:trojan-activity;sid:84343768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.180.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480667/; classtype:trojan-activity;sid:84343767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.4.41"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480666/; classtype:trojan-activity;sid:84343766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480665/; classtype:trojan-activity;sid:84343765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.129.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480664/; classtype:trojan-activity;sid:84343764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480663)"; flow:established,from_client; content:"GET"; http_method; content:"/t4ui3n5lbf.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480663/; classtype:trojan-activity;sid:84343763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.23.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480662/; classtype:trojan-activity;sid:84343762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.168.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480661/; classtype:trojan-activity;sid:84343761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.160.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480660/; classtype:trojan-activity;sid:84343760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.0.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480659/; classtype:trojan-activity;sid:84343759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.180.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480658/; classtype:trojan-activity;sid:84343758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.129.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480657/; classtype:trojan-activity;sid:84343757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.123.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480656/; classtype:trojan-activity;sid:84343756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.148.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480655/; classtype:trojan-activity;sid:84343755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.60.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480654/; classtype:trojan-activity;sid:84343754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.49.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480653/; classtype:trojan-activity;sid:84343753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.249.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480652/; classtype:trojan-activity;sid:84343752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.91.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480651/; classtype:trojan-activity;sid:84343751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.243.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480650/; classtype:trojan-activity;sid:84343750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.60.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480649/; classtype:trojan-activity;sid:84343749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480648)"; flow:established,from_client; content:"GET"; http_method; content:"/checks/hotelsmanagementlaunchersx32bitservice.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"etrendtwist.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480648/; classtype:trojan-activity;sid:84343748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480647)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"booking-recapturemarch-95038239.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480647/; classtype:trojan-activity;sid:84343747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480645)"; flow:established,from_client; content:"GET"; http_method; content:"/checks/humanchallengecaptha.txt"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"etrendtwist.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480645/; classtype:trojan-activity;sid:84343745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480646)"; flow:established,from_client; content:"GET"; http_method; content:"/q3lw855z0j3zn2or2wio8yjq9pnoszicdtf"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"tomahawkgear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480646/; classtype:trojan-activity;sid:84343746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.123.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480644/; classtype:trojan-activity;sid:84343744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.23.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480643/; classtype:trojan-activity;sid:84343743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.35.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480642/; classtype:trojan-activity;sid:84343742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.84.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480641/; classtype:trojan-activity;sid:84343741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.91.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480640/; classtype:trojan-activity;sid:84343740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.163.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480639/; classtype:trojan-activity;sid:84343739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.60.233.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480638/; classtype:trojan-activity;sid:84343738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.56.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480637/; classtype:trojan-activity;sid:84343737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.48.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480636/; classtype:trojan-activity;sid:84343736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.154.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480635/; classtype:trojan-activity;sid:84343735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480634)"; flow:established,from_client; content:"GET"; http_method; content:"/uiep0jysop.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480634/; classtype:trojan-activity;sid:84343734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.234.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480633/; classtype:trojan-activity;sid:84343733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.241.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480632/; classtype:trojan-activity;sid:84343732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"qohelp.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480630/; classtype:trojan-activity;sid:84343730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"pn3699log.gishelp.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480631/; classtype:trojan-activity;sid:84343731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.uaihelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480629/; classtype:trojan-activity;sid:84343729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.xohhelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480627/; classtype:trojan-activity;sid:84343727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"web.uaihelp.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480628/; classtype:trojan-activity;sid:84343728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"m.xohhelp.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480626/; classtype:trojan-activity;sid:84343726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.60.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480625/; classtype:trojan-activity;sid:84343725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480622)"; flow:established,from_client; content:"GET"; http_method; content:"/tarm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.9.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480622/; classtype:trojan-activity;sid:84343722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480623)"; flow:established,from_client; content:"GET"; http_method; content:"/tsh4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.9.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480623/; classtype:trojan-activity;sid:84343723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.196.9.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480624/; classtype:trojan-activity;sid:84343724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.35.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480621/; classtype:trojan-activity;sid:84343721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480620)"; flow:established,from_client; content:"GET"; http_method; content:"/t3-mh1-031720"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tinyurl.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480620/; classtype:trojan-activity;sid:84343720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480619/; classtype:trojan-activity;sid:84343719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480618)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/jilrq6ix8zawo0sxxae34/t3.zip|3f|rlkey=s8rr5tdcgngid6xu80hiitv43|7c|26|7c|st=i6clmk71|7c|26|7c|dl=1"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480618/; classtype:trojan-activity;sid:84343718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.81.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480617/; classtype:trojan-activity;sid:84343717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.163.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480615/; classtype:trojan-activity;sid:84343715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.95.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480614/; classtype:trojan-activity;sid:84343714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.48.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480613/; classtype:trojan-activity;sid:84343713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.154.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480612/; classtype:trojan-activity;sid:84343712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.45.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480610/; classtype:trojan-activity;sid:84343710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480611)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/cma045nazkdcjluvbexicfbzkt2dooqp3bqgsiw6t4lanh6nlm6lidweysmpdava0hee9p7qedu-6iaumoysdtgtubki-zb2kvq2vc-rxqkcyg5onoinl7bcsf0ygva3hnzpvrw8lxbof0uuudvxxq4l/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc84339cad0a8e717a66cc2a9255.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480611/; classtype:trojan-activity;sid:84343711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.244.88.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480609/; classtype:trojan-activity;sid:84343709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.243.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480608/; classtype:trojan-activity;sid:84343708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480607)"; flow:established,from_client; content:"GET"; http_method; content:"/oss.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.98.48.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480607/; classtype:trojan-activity;sid:84343707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480606)"; flow:established,from_client; content:"GET"; http_method; content:"/kworker"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"198.98.48.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480606/; classtype:trojan-activity;sid:84343706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.249.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480605/; classtype:trojan-activity;sid:84343705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.45.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480604/; classtype:trojan-activity;sid:84343704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480603)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480603/; classtype:trojan-activity;sid:84343703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480602)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480602/; classtype:trojan-activity;sid:84343702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480599)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480599/; classtype:trojan-activity;sid:84343699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480600)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480600/; classtype:trojan-activity;sid:84343700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480601)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480601/; classtype:trojan-activity;sid:84343701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480598)"; flow:established,from_client; content:"GET"; http_method; content:"/profilelayout"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"login.icvpartners.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480598/; classtype:trojan-activity;sid:84343698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.166.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480597/; classtype:trojan-activity;sid:84343697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480588)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480588/; classtype:trojan-activity;sid:84343688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480589)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480589/; classtype:trojan-activity;sid:84343689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480590)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480590/; classtype:trojan-activity;sid:84343690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480591)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480591/; classtype:trojan-activity;sid:84343691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480592)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480592/; classtype:trojan-activity;sid:84343692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480593)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480593/; classtype:trojan-activity;sid:84343693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480594)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480594/; classtype:trojan-activity;sid:84343694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480595)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480595/; classtype:trojan-activity;sid:84343695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480596)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480596/; classtype:trojan-activity;sid:84343696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480578)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480578/; classtype:trojan-activity;sid:84343678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480579)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480579/; classtype:trojan-activity;sid:84343679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480580)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480580/; classtype:trojan-activity;sid:84343680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480581)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480581/; classtype:trojan-activity;sid:84343681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480582)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480582/; classtype:trojan-activity;sid:84343682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480583)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480583/; classtype:trojan-activity;sid:84343683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480584)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480584/; classtype:trojan-activity;sid:84343684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480585)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480585/; classtype:trojan-activity;sid:84343685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480586)"; flow:established,from_client; content:"GET"; http_method; content:"/kaizen.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480586/; classtype:trojan-activity;sid:84343686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480587)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480587/; classtype:trojan-activity;sid:84343687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.83.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480577/; classtype:trojan-activity;sid:84343677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480576/; classtype:trojan-activity;sid:84343676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480572)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480572/; classtype:trojan-activity;sid:84343672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480573)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480573/; classtype:trojan-activity;sid:84343673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480574)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480574/; classtype:trojan-activity;sid:84343674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480575)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480575/; classtype:trojan-activity;sid:84343675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480563/; classtype:trojan-activity;sid:84343663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480564/; classtype:trojan-activity;sid:84343664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480565/; classtype:trojan-activity;sid:84343665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480566)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480566/; classtype:trojan-activity;sid:84343666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480567)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480567/; classtype:trojan-activity;sid:84343667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480568)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480568/; classtype:trojan-activity;sid:84343668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480569)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480569/; classtype:trojan-activity;sid:84343669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480570)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480570/; classtype:trojan-activity;sid:84343670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480571)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"209.141.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480571/; classtype:trojan-activity;sid:84343671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cnc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480562/; classtype:trojan-activity;sid:84343662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480558/; classtype:trojan-activity;sid:84343658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480559/; classtype:trojan-activity;sid:84343659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480560/; classtype:trojan-activity;sid:84343660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480561/; classtype:trojan-activity;sid:84343661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480554/; classtype:trojan-activity;sid:84343654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480555/; classtype:trojan-activity;sid:84343655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/huawei"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480556/; classtype:trojan-activity;sid:84343656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scan.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480557/; classtype:trojan-activity;sid:84343657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scan.x32"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480552/; classtype:trojan-activity;sid:84343652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480553/; classtype:trojan-activity;sid:84343653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480543/; classtype:trojan-activity;sid:84343643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480544/; classtype:trojan-activity;sid:84343644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480545/; classtype:trojan-activity;sid:84343645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480546/; classtype:trojan-activity;sid:84343646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480547/; classtype:trojan-activity;sid:84343647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480548/; classtype:trojan-activity;sid:84343648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480549/; classtype:trojan-activity;sid:84343649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480550/; classtype:trojan-activity;sid:84343650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.189.4.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480551/; classtype:trojan-activity;sid:84343651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.54.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480542/; classtype:trojan-activity;sid:84343642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.244.88.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480541/; classtype:trojan-activity;sid:84343641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480539)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/iyj01phbm9h.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480539/; classtype:trojan-activity;sid:84343639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480540)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/4yx3rtukqdu.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480540/; classtype:trojan-activity;sid:84343640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480529)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/8k192cky7a5.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480529/; classtype:trojan-activity;sid:84343629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480530)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/fs5p0dpmnsi.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480530/; classtype:trojan-activity;sid:84343630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480531)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/qh8i8y7jzml.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480531/; classtype:trojan-activity;sid:84343631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480532)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/pzwax7v4y3p.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480532/; classtype:trojan-activity;sid:84343632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480533)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/1w2zj9q9aky.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480533/; classtype:trojan-activity;sid:84343633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480534)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/t4owrsgni3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480534/; classtype:trojan-activity;sid:84343634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480535)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/btuh5w1ff8n.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480535/; classtype:trojan-activity;sid:84343635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480536)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rql5j8sfus.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480536/; classtype:trojan-activity;sid:84343636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480537)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/x769kwpjldk.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480537/; classtype:trojan-activity;sid:84343637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480538)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/xvi43yqgo4j.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480538/; classtype:trojan-activity;sid:84343638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480527)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/0meqlsp1qfea.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480527/; classtype:trojan-activity;sid:84343627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480528)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/0i9e4czutzsl.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480528/; classtype:trojan-activity;sid:84343628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.45.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480525/; classtype:trojan-activity;sid:84343625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/g2avnv1osnr.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480526/; classtype:trojan-activity;sid:84343626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480523)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/v8k7h0kbg.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480523/; classtype:trojan-activity;sid:84343623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xl29xsw10j.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480524/; classtype:trojan-activity;sid:84343624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480521)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8yfgu68jb05.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480521/; classtype:trojan-activity;sid:84343621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rluw8gys7t.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480522/; classtype:trojan-activity;sid:84343622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480519)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/2lzb9irl819.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480519/; classtype:trojan-activity;sid:84343619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480520)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/5q6j2p071qo.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480520/; classtype:trojan-activity;sid:84343620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480518)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/hxpoefpwus.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480518/; classtype:trojan-activity;sid:84343618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tvqj8m3uev9.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480514/; classtype:trojan-activity;sid:84343614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480515)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/ga0w9shjpkc.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480515/; classtype:trojan-activity;sid:84343615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480516)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/ecpnvklgsx6.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480516/; classtype:trojan-activity;sid:84343616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480517)"; flow:established,from_client; content:"GET"; http_method; content:"/exe/vlqzaznzan.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480517/; classtype:trojan-activity;sid:84343617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480513)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/3r6lp9y66rs.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480513/; classtype:trojan-activity;sid:84343613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480498)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/pmy1hfj2jig.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480498/; classtype:trojan-activity;sid:84343598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480499)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/p6xnlsjv0zn.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480499/; classtype:trojan-activity;sid:84343599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480500)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/20ibms9ldyp.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480500/; classtype:trojan-activity;sid:84343600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480501)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/ss6bwie1uka.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480501/; classtype:trojan-activity;sid:84343601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480502)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/sf920uj5ze.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480502/; classtype:trojan-activity;sid:84343602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480503)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/pmatxsoqn9.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480503/; classtype:trojan-activity;sid:84343603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480504)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/w88npb4h2z9.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480504/; classtype:trojan-activity;sid:84343604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480505)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/sutsize3l5.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480505/; classtype:trojan-activity;sid:84343605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480506)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/pgf9eazaa68.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480506/; classtype:trojan-activity;sid:84343606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480507)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/mgv8jiitoh.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480507/; classtype:trojan-activity;sid:84343607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480508)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/e31ogy9nmot.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480508/; classtype:trojan-activity;sid:84343608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480509)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/qfxim148pa.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480509/; classtype:trojan-activity;sid:84343609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480510)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/zh30mr1qbyb.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480510/; classtype:trojan-activity;sid:84343610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480511)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/rfp09go6dc.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480511/; classtype:trojan-activity;sid:84343611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480512)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell/o1tht2wik7.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480512/; classtype:trojan-activity;sid:84343612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.45.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480497/; classtype:trojan-activity;sid:84343597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480496)"; flow:established,from_client; content:"GET"; http_method; content:"/pe2shc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.144.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480496/; classtype:trojan-activity;sid:84343596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.56.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480495/; classtype:trojan-activity;sid:84343595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.234.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480494/; classtype:trojan-activity;sid:84343594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480493/; classtype:trojan-activity;sid:84343593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.161.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480492/; classtype:trojan-activity;sid:84343592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480491/; classtype:trojan-activity;sid:84343591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480490)"; flow:established,from_client; content:"GET"; http_method; content:"/dbdylaxck2.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480490/; classtype:trojan-activity;sid:84343590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.112.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480489/; classtype:trojan-activity;sid:84343589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.181.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480488/; classtype:trojan-activity;sid:84343588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.85.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480487/; classtype:trojan-activity;sid:84343587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480486/; classtype:trojan-activity;sid:84343586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480485/; classtype:trojan-activity;sid:84343585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480484/; classtype:trojan-activity;sid:84343584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.140.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480483/; classtype:trojan-activity;sid:84343583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.138.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480482/; classtype:trojan-activity;sid:84343582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.161.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480481/; classtype:trojan-activity;sid:84343581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480480)"; flow:established,from_client; content:"GET"; http_method; content:"/zobrw74l2f.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480480/; classtype:trojan-activity;sid:84343580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.22.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480479/; classtype:trojan-activity;sid:84343579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.116.103.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480478/; classtype:trojan-activity;sid:84343578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.223.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480477/; classtype:trojan-activity;sid:84343577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.193.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480476/; classtype:trojan-activity;sid:84343576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.171.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480475/; classtype:trojan-activity;sid:84343575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480474/; classtype:trojan-activity;sid:84343574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480473/; classtype:trojan-activity;sid:84343573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.138.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480472/; classtype:trojan-activity;sid:84343572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.80.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480471/; classtype:trojan-activity;sid:84343571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480470/; classtype:trojan-activity;sid:84343570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480469/; classtype:trojan-activity;sid:84343569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.255.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480468/; classtype:trojan-activity;sid:84343568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.177.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480467/; classtype:trojan-activity;sid:84343567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480466/; classtype:trojan-activity;sid:84343566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480465/; classtype:trojan-activity;sid:84343565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480463/; classtype:trojan-activity;sid:84343563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.207.124.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480464/; classtype:trojan-activity;sid:84343564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480462/; classtype:trojan-activity;sid:84343562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.108.109.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480460/; classtype:trojan-activity;sid:84343560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.199.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480461/; classtype:trojan-activity;sid:84343561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.202.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480459/; classtype:trojan-activity;sid:84343559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480458/; classtype:trojan-activity;sid:84343558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480457)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.120.253.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480457/; classtype:trojan-activity;sid:84343557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480456)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.194.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480456/; classtype:trojan-activity;sid:84343556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.87.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480455/; classtype:trojan-activity;sid:84343555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.97.225.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480454/; classtype:trojan-activity;sid:84343554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.93.47.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480453/; classtype:trojan-activity;sid:84343553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.193.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480451/; classtype:trojan-activity;sid:84343551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.126.51.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480452/; classtype:trojan-activity;sid:84343552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480450/; classtype:trojan-activity;sid:84343550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.182.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480449/; classtype:trojan-activity;sid:84343549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.138.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480448/; classtype:trojan-activity;sid:84343548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480447/; classtype:trojan-activity;sid:84343547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.185.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480446/; classtype:trojan-activity;sid:84343546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.87.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480445/; classtype:trojan-activity;sid:84343545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.28"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480444/; classtype:trojan-activity;sid:84343544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.113.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480443/; classtype:trojan-activity;sid:84343543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480442/; classtype:trojan-activity;sid:84343542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.236.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480441/; classtype:trojan-activity;sid:84343541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.190.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480440/; classtype:trojan-activity;sid:84343540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480438)"; flow:established,from_client; content:"GET"; http_method; content:"/j8ogn6xcdtthqfvq.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"alt-check-v3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480438/; classtype:trojan-activity;sid:84343538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480434)"; flow:established,from_client; content:"GET"; http_method; content:"/b.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.85.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480434/; classtype:trojan-activity;sid:84343534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480435)"; flow:established,from_client; content:"GET"; http_method; content:"/redirect.php|3f|redirect=https://boxiesreservguste.com"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"old.ivanoviplus.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480435/; classtype:trojan-activity;sid:84343535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480436)"; flow:established,from_client; content:"GET"; http_method; content:"/gamtcuxm3euywmal.html"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"alt-check-v3.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480436/; classtype:trojan-activity;sid:84343536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480432)"; flow:established,from_client; content:"GET"; http_method; content:"/a.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.255.85.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480432/; classtype:trojan-activity;sid:84343532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.117.111.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480431/; classtype:trojan-activity;sid:84343531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.86.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480430/; classtype:trojan-activity;sid:84343530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480429)"; flow:established,from_client; content:"GET"; http_method; content:"/h0wxxtmlw3.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480429/; classtype:trojan-activity;sid:84343529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.220.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480428/; classtype:trojan-activity;sid:84343528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.12.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480426/; classtype:trojan-activity;sid:84343526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.182.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480427/; classtype:trojan-activity;sid:84343527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.36.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480425/; classtype:trojan-activity;sid:84343525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.113.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480424/; classtype:trojan-activity;sid:84343524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480423)"; flow:established,from_client; content:"GET"; http_method; content:"/pq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.255.85.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480423/; classtype:trojan-activity;sid:84343523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.22.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480422/; classtype:trojan-activity;sid:84343522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.216.71.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480421/; classtype:trojan-activity;sid:84343521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.216.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480420/; classtype:trojan-activity;sid:84343520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.62.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480419/; classtype:trojan-activity;sid:84343519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.216.71.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480418/; classtype:trojan-activity;sid:84343518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.185.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480417/; classtype:trojan-activity;sid:84343517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.12.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480416/; classtype:trojan-activity;sid:84343516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480415/; classtype:trojan-activity;sid:84343515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.159.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480414/; classtype:trojan-activity;sid:84343514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.190.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480413/; classtype:trojan-activity;sid:84343513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.142.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480412/; classtype:trojan-activity;sid:84343512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.36.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480411/; classtype:trojan-activity;sid:84343511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480410/; classtype:trojan-activity;sid:84343510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.215.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480409/; classtype:trojan-activity;sid:84343509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.242.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480408/; classtype:trojan-activity;sid:84343508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.22.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480407/; classtype:trojan-activity;sid:84343507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.61.19.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480406/; classtype:trojan-activity;sid:84343506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.239.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480405/; classtype:trojan-activity;sid:84343505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.133.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480404/; classtype:trojan-activity;sid:84343504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.160.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480403/; classtype:trojan-activity;sid:84343503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.62.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480402/; classtype:trojan-activity;sid:84343502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480401/; classtype:trojan-activity;sid:84343501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.215.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480400/; classtype:trojan-activity;sid:84343500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480399)"; flow:established,from_client; content:"GET"; http_method; content:"/u7psgzbe5t.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480399/; classtype:trojan-activity;sid:84343499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.123.219.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480398/; classtype:trojan-activity;sid:84343498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.121.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480397/; classtype:trojan-activity;sid:84343497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.117.111.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480396/; classtype:trojan-activity;sid:84343496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.228.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480395/; classtype:trojan-activity;sid:84343495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480394/; classtype:trojan-activity;sid:84343494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.252.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480393/; classtype:trojan-activity;sid:84343493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.230.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480392/; classtype:trojan-activity;sid:84343492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.191.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480391/; classtype:trojan-activity;sid:84343491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480389/; classtype:trojan-activity;sid:84343489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.104.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480390/; classtype:trojan-activity;sid:84343490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.235.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480388/; classtype:trojan-activity;sid:84343488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480387)"; flow:established,from_client; content:"GET"; http_method; content:"/cl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pink900g.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480387/; classtype:trojan-activity;sid:84343487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480384)"; flow:established,from_client; content:"GET"; http_method; content:"/sb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pink900g.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480384/; classtype:trojan-activity;sid:84343484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.87.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480385/; classtype:trojan-activity;sid:84343485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480386)"; flow:established,from_client; content:"GET"; http_method; content:"/sl"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pink900g.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480386/; classtype:trojan-activity;sid:84343486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480383)"; flow:established,from_client; content:"GET"; http_method; content:"/cb"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pink900g.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480383/; classtype:trojan-activity;sid:84343483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.236.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480382/; classtype:trojan-activity;sid:84343482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.219.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480381/; classtype:trojan-activity;sid:84343481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480380/; classtype:trojan-activity;sid:84343480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480379/; classtype:trojan-activity;sid:84343479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.84.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480378/; classtype:trojan-activity;sid:84343478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.252.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480377/; classtype:trojan-activity;sid:84343477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.27.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480376/; classtype:trojan-activity;sid:84343476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.238.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480375/; classtype:trojan-activity;sid:84343475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.104.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480374/; classtype:trojan-activity;sid:84343474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.230.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480373/; classtype:trojan-activity;sid:84343473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.105.127.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480372/; classtype:trojan-activity;sid:84343472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480371/; classtype:trojan-activity;sid:84343471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.80.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480370/; classtype:trojan-activity;sid:84343470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.87.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480369/; classtype:trojan-activity;sid:84343469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480368/; classtype:trojan-activity;sid:84343468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.89.245.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480367/; classtype:trojan-activity;sid:84343467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480366/; classtype:trojan-activity;sid:84343466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480365)"; flow:established,from_client; content:"GET"; http_method; content:"/wfj5jdyj7c.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480365/; classtype:trojan-activity;sid:84343465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480364/; classtype:trojan-activity;sid:84343464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.7.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480363/; classtype:trojan-activity;sid:84343463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480362/; classtype:trojan-activity;sid:84343462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480360)"; flow:established,from_client; content:"GET"; http_method; content:"/tinytim08/document-cleaning-pipeline/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480360/; classtype:trojan-activity;sid:84343460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.224.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480358/; classtype:trojan-activity;sid:84343458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.105.127.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480357/; classtype:trojan-activity;sid:84343457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.122.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480355/; classtype:trojan-activity;sid:84343455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480356/; classtype:trojan-activity;sid:84343456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.85.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480354/; classtype:trojan-activity;sid:84343454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.227.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480352/; classtype:trojan-activity;sid:84343452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.89.245.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480353/; classtype:trojan-activity;sid:84343453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.44.242.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480351/; classtype:trojan-activity;sid:84343451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.250.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480350/; classtype:trojan-activity;sid:84343450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.104.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480349/; classtype:trojan-activity;sid:84343449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.80.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480348/; classtype:trojan-activity;sid:84343448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.63.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480347/; classtype:trojan-activity;sid:84343447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480345/; classtype:trojan-activity;sid:84343445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.37.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480346/; classtype:trojan-activity;sid:84343446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.208.105.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480344/; classtype:trojan-activity;sid:84343444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.21.160.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480343/; classtype:trojan-activity;sid:84343443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480342/; classtype:trojan-activity;sid:84343442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.122.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480341/; classtype:trojan-activity;sid:84343441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.121.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480340/; classtype:trojan-activity;sid:84343440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.209.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480339/; classtype:trojan-activity;sid:84343439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.44.242.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480338/; classtype:trojan-activity;sid:84343438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480337)"; flow:established,from_client; content:"GET"; http_method; content:"/username674678867/universal-hwid-spoofer/releases/download/v2.3.4/universal-hwid-spoofer-v2.3.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480337/; classtype:trojan-activity;sid:84343437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480335)"; flow:established,from_client; content:"GET"; http_method; content:"/username674678867/universal-hwid-spoofer/releases/download/v2.2.9/universal-hwid-spoofer-v2.2.9.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480335/; classtype:trojan-activity;sid:84343435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480336)"; flow:established,from_client; content:"GET"; http_method; content:"/irifjfjfj/universal-hwid-spoofer/releases/download/3.4.4/universal-hwid-spoofer-3.4.4.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480336/; classtype:trojan-activity;sid:84343436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.11.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480333/; classtype:trojan-activity;sid:84343433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.121.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480334/; classtype:trojan-activity;sid:84343434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480332/; classtype:trojan-activity;sid:84343432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.37.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480330/; classtype:trojan-activity;sid:84343430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.235.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480331/; classtype:trojan-activity;sid:84343431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480329/; classtype:trojan-activity;sid:84343429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.104.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480328/; classtype:trojan-activity;sid:84343428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480327/; classtype:trojan-activity;sid:84343427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.142.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480326/; classtype:trojan-activity;sid:84343426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480325)"; flow:established,from_client; content:"GET"; http_method; content:"/xh1o7h8uqt.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.resolutestumble.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480325/; classtype:trojan-activity;sid:84343425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.11.133.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480324/; classtype:trojan-activity;sid:84343424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.161.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480323/; classtype:trojan-activity;sid:84343423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480320)"; flow:established,from_client; content:"GET"; http_method; content:"/thilakshanthavarajah/simpletemp-demo/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480320/; classtype:trojan-activity;sid:84343420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480321)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfghjkl904/llm_rag/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480321/; classtype:trojan-activity;sid:84343421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480322)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480322/; classtype:trojan-activity;sid:84343422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.37.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480319/; classtype:trojan-activity;sid:84343419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.78.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480318/; classtype:trojan-activity;sid:84343418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.84.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480317/; classtype:trojan-activity;sid:84343417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.235.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480316/; classtype:trojan-activity;sid:84343416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480315/; classtype:trojan-activity;sid:84343415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.116.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480314/; classtype:trojan-activity;sid:84343414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480313/; classtype:trojan-activity;sid:84343413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480312/; classtype:trojan-activity;sid:84343412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.161.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480311/; classtype:trojan-activity;sid:84343411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.188.241.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480310/; classtype:trojan-activity;sid:84343410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480309)"; flow:established,from_client; content:"GET"; http_method; content:"/sell.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloudcentstorage.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480309/; classtype:trojan-activity;sid:84343409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.228.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480308/; classtype:trojan-activity;sid:84343408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.116.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480307/; classtype:trojan-activity;sid:84343407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.75.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480306/; classtype:trojan-activity;sid:84343406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480305/; classtype:trojan-activity;sid:84343405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480304/; classtype:trojan-activity;sid:84343404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.85.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480303/; classtype:trojan-activity;sid:84343403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.188.241.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480302/; classtype:trojan-activity;sid:84343402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.75.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480301/; classtype:trojan-activity;sid:84343401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480300)"; flow:established,from_client; content:"GET"; http_method; content:"/6vptyva42j.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1.creasingzen.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480300/; classtype:trojan-activity;sid:84343400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480299/; classtype:trojan-activity;sid:84343399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480298/; classtype:trojan-activity;sid:84343398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.99.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480296/; classtype:trojan-activity;sid:84343396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480297/; classtype:trojan-activity;sid:84343397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.208.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480295/; classtype:trojan-activity;sid:84343395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.25.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480294/; classtype:trojan-activity;sid:84343394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"lovpnl2.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480293/; classtype:trojan-activity;sid:84343393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ghmjpanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480292/; classtype:trojan-activity;sid:84343392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"jagmepanel.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480290/; classtype:trojan-activity;sid:84343390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"ssahelp.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480291/; classtype:trojan-activity;sid:84343391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"spdmtpanel.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480287/; classtype:trojan-activity;sid:84343387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"lopmpanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480288/; classtype:trojan-activity;sid:84343388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"crtjpanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480289/; classtype:trojan-activity;sid:84343389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"2fa-v.site"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480283/; classtype:trojan-activity;sid:84343383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"www.xn--magieden-38a.app"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480284/; classtype:trojan-activity;sid:84343384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"servicedhosts.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480285/; classtype:trojan-activity;sid:84343385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"xn--magieden-38a.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480286/; classtype:trojan-activity;sid:84343386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"sutmopanel.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480282/; classtype:trojan-activity;sid:84343382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe|3f|i=|7c|26|7c|e=support|7c|26|7c|y=guest|7c|26|7c|r="; http_uri; depth:77; isdataat:!1,relative; nocase; content:"vhsspanel.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480281/; classtype:trojan-activity;sid:84343381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.231.210.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480280/; classtype:trojan-activity;sid:84343380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480279)"; flow:established,from_client; content:"GET"; http_method; content:"/pig85236/45k-udemy-course-wordpress-posts/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480279/; classtype:trojan-activity;sid:84343379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480277)"; flow:established,from_client; content:"GET"; http_method; content:"/gwynelan/linux-basics-for-hackers/releases/download/v2.1.2/linux-basics-for-hackers-v2.1.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480277/; classtype:trojan-activity;sid:84343377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480278)"; flow:established,from_client; content:"GET"; http_method; content:"/thanatapn/postman-api-client-setup/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480278/; classtype:trojan-activity;sid:84343378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480270)"; flow:established,from_client; content:"GET"; http_method; content:"/shivank-pharma/cs2-skin-changer-2025/releases/download/v2.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480270/; classtype:trojan-activity;sid:84343370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480271)"; flow:established,from_client; content:"GET"; http_method; content:"/yusen0820/linux-basics-for-hackers/releases/download/v2.6.9/linux-basics-for-hackers-v2.6.9.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480271/; classtype:trojan-activity;sid:84343371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480272)"; flow:established,from_client; content:"GET"; http_method; content:"/zacaria22/driver-booster-pro-installer-2025/releases/download/1.5.6/driver.booster.pro.installer.2025.v1.5.6.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480272/; classtype:trojan-activity;sid:84343372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480273)"; flow:established,from_client; content:"GET"; http_method; content:"/kietmio/awesome-nlp-papers/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480273/; classtype:trojan-activity;sid:84343373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480275)"; flow:established,from_client; content:"GET"; http_method; content:"/barza22/phpstorm-jetbrains-unlimited-ide/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480275/; classtype:trojan-activity;sid:84343375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480276)"; flow:established,from_client; content:"GET"; http_method; content:"/matezk1/rufus-bootable-usb-installer-2025/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480276/; classtype:trojan-activity;sid:84343376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.252.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480267/; classtype:trojan-activity;sid:84343367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480268)"; flow:established,from_client; content:"GET"; http_method; content:"/sweetfishy/driver-booster-pro-installer-2025/releases/download/v2.7.2/driver.booster.pro.installer.2025.v2.7.2.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480268/; classtype:trojan-activity;sid:84343368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480269)"; flow:established,from_client; content:"GET"; http_method; content:"/erichoang2809/rivals-script/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480269/; classtype:trojan-activity;sid:84343369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480264)"; flow:established,from_client; content:"GET"; http_method; content:"/basha2247/driver-booster-pro-installer-2025/releases/download/v1.6.7/driver.booster.pro.installer.2025.v1.6.7.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480264/; classtype:trojan-activity;sid:84343364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480265)"; flow:established,from_client; content:"GET"; http_method; content:"/dannythescripter/rails-modern-stack-template/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relati